CVE-2026-57795
Received Received - Intake

PHP Local File Inclusion in Kitchor

Vulnerability report for CVE-2026-57795, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through <= 1.4.3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
themelexus kitchor to 1.4.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57795 is a Local File Inclusion (LFI) vulnerability in the WordPress Kitchor Theme, versions 1.4.3 and below. This flaw allows attackers to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements.

If exploited, an attacker could access sensitive files on the server, such as configuration files or database credentials, depending on the server's configuration.

This vulnerability is classified under the OWASP Top 10 category A3: Injection and has a CVSS v3.1 base score of 7.5, indicating a significant security risk.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information by allowing attackers to include and view local files on the affected website.

Such exposure could reveal critical data like database credentials, configuration files, or other sensitive information stored on the server.

The impact includes potential data breaches, loss of confidentiality, and increased risk of further exploitation or compromise of the website.

Detection Guidance

This vulnerability involves Local File Inclusion (LFI) in the WordPress Kitchor Theme, which allows attackers to include and display local files from the target website.

To detect this vulnerability, you can look for unusual HTTP requests attempting to include local files via URL parameters related to the theme's include or require statements.

Common detection methods include monitoring web server logs for suspicious requests containing file path traversal patterns such as "../" or attempts to access sensitive files like "/etc/passwd".

Example commands to search for such patterns in web server logs (assuming Apache logs):

  • grep -i 'kitchor' /var/log/apache2/access.log | grep -E '\.\./|etc/passwd'
  • grep -E 'include|require' /var/log/apache2/access.log | grep '\.\./'

Additionally, vulnerability scanners or web application scanners that support LFI detection can be used to test the site.

Mitigation Strategies

Immediate mitigation steps include updating the WordPress Kitchor Theme to a non-vulnerable version if available.

Since there is currently no official patch available for this vulnerability, it is recommended to seek assistance from your hosting provider or a web developer to apply temporary fixes or workarounds.

Other mitigation measures include disabling or restricting the vulnerable theme until a patch is released, and implementing web application firewall (WAF) rules to block suspicious requests attempting Local File Inclusion.

Regularly monitor your website and server logs for signs of exploitation and consider restricting file permissions to limit the impact of potential attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57795. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart