PHP Remote File Inclusion Vulnerability in Sales Countdown Timer by VillaTheme

CVE-2026-27052

What is CVE-2026-27052?

The Sales Countdown Timer for WooCommerce and WordPress plugin by VillaTheme contains a vulnerability that allows for local file inclusion due to improper control over filename handling in PHP include statements. This vulnerability can potentially enable attackers to execute arbitrary code or read sensitive files on the server, thereby compromising the security of the website. Users of version 1.1.8.1 and earlier are urged to update their plugins to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References