PHP Remote File Inclusion Vulnerability in Elated-Themes Roisin
CVE-2026-22512

8.1HIGH

Key Information:

Vendor: WordPress
Status: Roisin
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-22512?

The Elated-Themes Roisin theme is vulnerable to a PHP Remote File Inclusion (RFI) issue that allows attackers to exploit improper control of the filename for include or require statements. This flaw enables unauthorized access to local files on the server, potentially leading to sensitive information exposure or remote code execution. Users of Roisin versions up to 1.2.1 are at risk, making it crucial to implement security measures and upgrade to the latest version.

Affected Version(s)

Roisin 0 <= 1.2.1

References

https://patchstack.com/database/Wordpress/Theme/roisin/vu...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 7, 2026

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program

CVE-2026-22512 Data

JSON

WordPress

What is CVE-2026-22512?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit