CVE-2026-57743
Received Received - Intake

PHP Local File Inclusion in RT-Theme 18 Extensions

Vulnerability report for CVE-2026-57743, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through <= 2.5.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
rt-theme rt18-extensions to 2.5 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57743 is a Local File Inclusion (LFI) vulnerability in the WordPress RT-Theme 18 | Extensions Plugin versions 2.5 and below. This flaw allows attackers to exploit improper control of filenames used in PHP include or require statements, enabling them to include local files from the target website.

By exploiting this vulnerability, an attacker can potentially access sensitive files on the server, such as configuration files or database credentials.

Impact Analysis

This vulnerability can have severe impacts including exposure of sensitive data like database credentials.

Depending on the server configuration, an attacker could leverage this to take over the entire database.

The vulnerability has a high severity score (CVSS 8.1) and is likely to be targeted in mass-exploit campaigns, increasing the risk of compromise.

Detection Guidance

This vulnerability involves Local File Inclusion (LFI) in the RT-Theme 18 | Extensions Plugin for WordPress, which can be detected by monitoring for suspicious HTTP requests attempting to include local files.

You can detect potential exploitation attempts by searching your web server logs for requests containing suspicious parameters that try to include local files, such as those containing directory traversal sequences (e.g., ../) or references to sensitive files.

Example commands to detect such attempts include:

  • Using grep to search Apache or Nginx access logs for suspicious patterns: grep -iE "(\.{2}/|etc/passwd|boot.ini)" /var/log/apache2/access.log
  • Using grep to find requests targeting the vulnerable plugin paths: grep -i "rt18-extensions" /var/log/apache2/access.log
  • Using tools like curl or wget to test if the plugin is vulnerable by attempting to include local files (only in a controlled environment).
Mitigation Strategies

Immediate mitigation steps include applying any available updates to the RT-Theme 18 | Extensions Plugin, specifically upgrading beyond version 2.5 if a patch is released.

Since there is currently no official patch, it is advised to implement the mitigation rule issued by Patchstack to block attack attempts targeting this vulnerability.

Additional steps include:

  • Temporarily disabling the vulnerable plugin if possible.
  • Restricting access to the plugin files or the web application using firewall rules or web application firewalls (WAF) to block suspicious requests.
  • Consulting with your hosting provider or a web developer for assistance in applying mitigations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57743. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart