Mikado-Themes Aviana allows attackers to access local files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Mikado-Themes Aviana allows attackers to access local files

CVE-2026-22387

Summary

A security weakness in Mikado-Themes Aviana allows hackers to access and potentially view sensitive files on a website. This means an attacker could exploit this weakness to view private information or disrupt the website. Update to version 2.2 or later to fix the issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affec...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/aviana/vulnerability/wordpress-a...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026