CVE-2026-32392
Received Received - Intake

Local File Inclusion Vulnerability in Greenly PHP

Vulnerability report for CVE-2026-32392, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-13

Last updated on: 2026-03-16

Assigner: Patchstack

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-13
Last Modified
2026-03-16
Generated
2026-07-06
AI Q&A
2026-03-13
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
creatives_planet greenly to 8.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-32392 is a Local File Inclusion (LFI) vulnerability in the WordPress Greenly Theme versions up to and including 8.1.

This vulnerability allows an attacker with at least Contributor or Developer privileges to include local files from the target website and display their contents.

The included files may contain sensitive information such as database credentials.

Impact Analysis

[{'type': 'paragraph', 'content': 'An attacker exploiting this vulnerability can access and display sensitive local files on the server.'}, {'type': 'paragraph', 'content': 'This may lead to exposure of critical information like database credentials.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, this could enable a full database takeover."}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a Local File Inclusion (LFI) issue in the WordPress Greenly Theme up to version 8.1, which allows an attacker with Contributor or Developer privileges to include local files. Detection typically involves checking for unusual file inclusion attempts or scanning the theme version.'}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you can verify the installed Greenly Theme version. If it is version 8.1 or below, it is vulnerable.'}, {'type': 'paragraph', 'content': 'Suggested commands to check the theme version on your WordPress installation:'}, {'type': 'list_item', 'content': 'Navigate to the WordPress themes directory: `cd /path/to/wordpress/wp-content/themes/greenly`'}, {'type': 'list_item', 'content': "Check the version in the style.css file: `grep 'Version:' style.css`"}, {'type': 'paragraph', 'content': 'Additionally, monitoring web server logs for suspicious requests attempting to include local files or unusual query parameters related to file inclusion can help detect exploitation attempts.'}] [1]

Mitigation Strategies

The immediate and recommended mitigation step is to update the Greenly Theme to version 8.2 or later, where this vulnerability has been patched.

If updating immediately is not possible, restrict user privileges to prevent untrusted users from having Contributor or Developer roles, as the vulnerability requires such privileges to be exploited.

Additionally, consider implementing web application firewall (WAF) rules to block attempts to exploit Local File Inclusion vulnerabilities.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32392. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart