AncoraThemes Playa playa allows attackers to access local files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

AncoraThemes Playa playa allows attackers to access local files

CVE-2026-22437

Summary

A security issue in Playa, a plugin for websites, can allow hackers to access and view sensitive files on the server. This is a concern because it could lead to unauthorized access to confidential information. To protect your website, update to a version of Playa that is not affected by this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Playa playa allows PHP Local File Inclusion.This issue affects ...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/playa/vulnerability/wordpress-pl...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026