CVE-2026-22499

Name of the Vulnerable Software and Affected Versions Elated-Themes Lella versions n/a through 1.2

Description The software contains a flaw due to improper control of the filename for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The vulnerable component allows an attacker to include files from within the system.

Recommendations Versions prior to 1.2 should be updated.