TopFit Fitness Theme Can Access Local Files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

TopFit Fitness Theme Can Access Local Files

CVE-2026-27342

Summary

The TopFit fitness theme allows an attacker to access any file on the website's server, potentially leading to sensitive information being leaked. This issue affects the TopFit fitness theme, and users should update to the latest version to fix the problem.

Original title

Original description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through <= 1.9.

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/topfit/vulnerability/wordpress-t...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026