Skip to main content

Solene Core

1 CVEs product

Monthly

CVE-2026-39523 HIGH This Week

Unauthenticated Local File Inclusion in the Solene Core WordPress plugin (versions <= 2.3.2) by elated-themes allows remote attackers to include and execute arbitrary local PHP files on the server without authentication. The CVSS 8.1 rating reflects full confidentiality, integrity, and availability impact, though high attack complexity suggests non-trivial exploitation prerequisites. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI Solene Core
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated Local File Inclusion in the Solene Core WordPress plugin (versions <= 2.3.2) by elated-themes allows remote attackers to include and execute arbitrary local PHP files on the server without authentication. The CVSS 8.1 rating reflects full confidentiality, integrity, and availability impact, though high attack complexity suggests non-trivial exploitation prerequisites. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

PHP Information Disclosure LFI +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy