CVE-2026-22365
Local File Inclusion Vulnerability in Soleng
Publication date: 2026-02-20
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axiomthemes | soleng | to 1.0.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22365 is a Local File Inclusion (LFI) vulnerability found in the WordPress Soleng Theme versions up to and including 1.0.5. It allows unauthenticated attackers to exploit improper control of filename parameters in PHP include/require statements, enabling them to include and display local files from the target website.
This vulnerability is classified as high priority with a CVSS score of 8.1 and falls under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'Exploitation of this vulnerability can lead to exposure of sensitive information such as database credentials by allowing attackers to include and view local files on the server.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, attackers could potentially achieve a complete database takeover."}, {'type': 'paragraph', 'content': 'No authentication is required to exploit this vulnerability, increasing the risk of attack.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'The CVE-2026-22365 vulnerability is a Local File Inclusion (LFI) issue affecting the WordPress Soleng Theme up to version 1.0.5. Detection typically involves monitoring for attempts to include local files via HTTP requests targeting the vulnerable theme.'}, {'type': 'paragraph', 'content': 'While no specific commands are provided in the resources, common detection methods include inspecting web server logs for suspicious requests containing file inclusion patterns, such as URLs with parameters attempting to include local files (e.g., using "../" sequences).'}, {'type': 'list_item', 'content': "Use tools like grep to search web server access logs for suspicious patterns: grep -i 'soleng' /var/log/apache2/access.log | grep -E '(\\.|%2e){2,}'"}, {'type': 'list_item', 'content': 'Employ web vulnerability scanners that can detect LFI vulnerabilities in WordPress themes.'}, {'type': 'list_item', 'content': 'Monitor for unusual file access or error logs indicating attempts to include local files.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for CVE-2026-22365, immediate mitigation involves applying the Patchstack mitigation rule designed to block attacks exploiting this vulnerability.
Patchstack recommends implementing this mitigation to protect affected websites until a safe and tested patch is released.
- Apply the Patchstack mitigation rule to block exploitation attempts.
- Monitor your website and server logs for suspicious activity related to file inclusion attempts.
- Consider disabling or removing the vulnerable Soleng theme if immediate patching is not possible.
- Keep your WordPress installation and themes updated and watch for official patches or updates from the theme developer.