CVE-2026-32392
Local File Inclusion Vulnerability in Greenly PHP
Publication date: 2026-03-13
Last updated on: 2026-03-16
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| creatives_planet | greenly | to 8.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32392 is a Local File Inclusion (LFI) vulnerability in the WordPress Greenly Theme versions up to and including 8.1.
This vulnerability allows an attacker with at least Contributor or Developer privileges to include local files from the target website and display their contents.
The included files may contain sensitive information such as database credentials.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'An attacker exploiting this vulnerability can access and display sensitive local files on the server.'}, {'type': 'paragraph', 'content': 'This may lead to exposure of critical information like database credentials.'}, {'type': 'paragraph', 'content': "Depending on the website's configuration, this could enable a full database takeover."}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a Local File Inclusion (LFI) issue in the WordPress Greenly Theme up to version 8.1, which allows an attacker with Contributor or Developer privileges to include local files. Detection typically involves checking for unusual file inclusion attempts or scanning the theme version.'}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you can verify the installed Greenly Theme version. If it is version 8.1 or below, it is vulnerable.'}, {'type': 'paragraph', 'content': 'Suggested commands to check the theme version on your WordPress installation:'}, {'type': 'list_item', 'content': 'Navigate to the WordPress themes directory: `cd /path/to/wordpress/wp-content/themes/greenly`'}, {'type': 'list_item', 'content': "Check the version in the style.css file: `grep 'Version:' style.css`"}, {'type': 'paragraph', 'content': 'Additionally, monitoring web server logs for suspicious requests attempting to include local files or unusual query parameters related to file inclusion can help detect exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to update the Greenly Theme to version 8.2 or later, where this vulnerability has been patched.
If updating immediately is not possible, restrict user privileges to prevent untrusted users from having Contributor or Developer roles, as the vulnerability requires such privileges to be exploited.
Additionally, consider implementing web application firewall (WAF) rules to block attempts to exploit Local File Inclusion vulnerabilities.