Local File Inclusion Vulnerability in SetSail Theme by Select-Themes
CVE-2026-22423

8.1HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
5 March 2026

What is CVE-2026-22423?

The SetSail theme developed by Select-Themes has a Local File Inclusion vulnerability due to improper control of filename parameters within PHP include/require statements. This flaw can be exploited to include arbitrary files, leading to potential unauthorized access to sensitive data on the server. This issue affects all versions of SetSail up to and including 1.8, making it crucial for users to apply necessary security patches or updates to safeguard their WordPress installations.

Affected Version(s)

SetSail 0 <= 1.8

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
.