Struktur
Monthly
Local File Inclusion in the Select-Themes "Struktur" WordPress theme (all versions up to and including 2.5.1) lets an authenticated attacker coerce a PHP include/require statement into loading arbitrary local files on the server, exposing sensitive content such as wp-config.php credentials and, under the right conditions, escalating to code execution. Tracked as CVE-2026-57802 (CWE-98) and reported by Patchstack, it carries a CVSS 7.5 rating; there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS vector's PR:L indicates authentication is required and AC:H reflects non-trivial exploitation preconditions.
Local File Inclusion in the Select-Themes "Struktur" WordPress theme (all versions up to and including 2.5.1) lets an authenticated attacker coerce a PHP include/require statement into loading arbitrary local files on the server, exposing sensitive content such as wp-config.php credentials and, under the right conditions, escalating to code execution. Tracked as CVE-2026-57802 (CWE-98) and reported by Patchstack, it carries a CVSS 7.5 rating; there is no public exploit identified at time of analysis and it is not on CISA KEV. The CVSS vector's PR:L indicates authentication is required and AC:H reflects non-trivial exploitation preconditions.