CVE-2026-32392
Received Received - Intake
Local File Inclusion Vulnerability in Greenly PHP

Publication date: 2026-03-13

Last updated on: 2026-03-16

Assigner: Patchstack

Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32392
EUVD
EUVD-2026-11903
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
creatives_planet greenly to 8.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32392 is a Local File Inclusion (LFI) vulnerability in the WordPress Greenly Theme versions up to and including 8.1.

This vulnerability allows an attacker with at least Contributor or Developer privileges to include local files from the target website and display their contents.

The included files may contain sensitive information such as database credentials.

Impact Analysis

[{'type': 'paragraph', 'content': 'An attacker exploiting this vulnerability can access and display sensitive local files on the server.'}, {'type': 'paragraph', 'content': 'This may lead to exposure of critical information like database credentials.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, this could enable a full database takeover."}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability is a Local File Inclusion (LFI) issue in the WordPress Greenly Theme up to version 8.1, which allows an attacker with Contributor or Developer privileges to include local files. Detection typically involves checking for unusual file inclusion attempts or scanning the theme version.'}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you can verify the installed Greenly Theme version. If it is version 8.1 or below, it is vulnerable.'}, {'type': 'paragraph', 'content': 'Suggested commands to check the theme version on your WordPress installation:'}, {'type': 'list_item', 'content': 'Navigate to the WordPress themes directory: `cd /path/to/wordpress/wp-content/themes/greenly`'}, {'type': 'list_item', 'content': "Check the version in the style.css file: `grep 'Version:' style.css`"}, {'type': 'paragraph', 'content': 'Additionally, monitoring web server logs for suspicious requests attempting to include local files or unusual query parameters related to file inclusion can help detect exploitation attempts.'}] [1]

Mitigation Strategies

The immediate and recommended mitigation step is to update the Greenly Theme to version 8.2 or later, where this vulnerability has been patched.

If updating immediately is not possible, restrict user privileges to prevent untrusted users from having Contributor or Developer roles, as the vulnerability requires such privileges to be exploited.

Additionally, consider implementing web application firewall (WAF) rules to block attempts to exploit Local File Inclusion vulnerabilities.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32392. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart