AncoraThemes Isida allows attackers to access local files via PHP code injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

AncoraThemes Isida allows attackers to access local files via PHP code injection

CVE-2026-22372

Summary

A security issue in AncoraThemes Isida allows attackers to access and potentially read local files on a website. This could lead to sensitive information being exposed. Update to version 1.4.3 or later to fix the issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects ...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/isida/vulnerability/wordpress-is...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026