PT-2026-23155 · Mikado Themes · Fiorello

Tran Nguyen Bao Khanh

Published

2026-03-05

Updated

2026-03-08

CVE-2026-22395

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mikado-Themes Fiorello versions prior to 1.1

Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. The affected component is the Fiorello theme.

Recommendations Update to Fiorello version 1.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-98

Related Identifiers

CVE-2026-22395

Affected Products

Fiorello

PT-2026-23155 · Mikado Themes · Fiorello

CVE-2026-22395

Weakness Enumeration

Related Identifiers

Affected Products

References · 3