LaunchandSell Tribe tribe exposes sensitive files via local file inclusion

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

LaunchandSell Tribe tribe exposes sensitive files via local file inclusion

CVE-2026-22442

Summary

A security issue in LaunchandSell Tribe tribe allows attackers to access and potentially read sensitive files on the same server. This affects the Tribe plugin, which is used for various business functions. To stay protected, update to a patched version of the plugin, version 1.7.4 or later, as soon as possible.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LaunchandSell Tribe tribe allows PHP Local File Inclusion.This issue affects...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/tribe/vulnerability/wordpress-tr...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026