Local File Inclusion Vulnerability in SetSail Theme by Select-Themes
CVE-2026-22423
8.1HIGH
What is CVE-2026-22423?
The SetSail theme developed by Select-Themes has a Local File Inclusion vulnerability due to improper control of filename parameters within PHP include/require statements. This flaw can be exploited to include arbitrary files, leading to potential unauthorized access to sensitive data on the server. This issue affects all versions of SetSail up to and including 1.8, making it crucial for users to apply necessary security patches or updates to safeguard their WordPress installations.
Affected Version(s)
SetSail 0 <= 1.8
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program