Mikado-Themes Marra: Remote File Access through Malicious File Names

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Mikado-Themes Marra: Remote File Access through Malicious File Names

CVE-2026-22414

Summary

A security issue in Mikado-Themes Marra could allow an attacker to access and read local files on a website using a specially crafted file name. This is a concern for website owners because it could allow an attacker to gain sensitive information about the site's configuration or content. To fix this issue, website owners and administrators should update to the latest version of Marra, version 1.3 or higher.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Marra marra allows PHP Local File Inclusion.This issue affects...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/marra/vulnerability/wordpress-ma...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026