TopScorer WordPress Theme Allows Malicious File Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

TopScorer WordPress Theme Allows Malicious File Access

CVE-2026-27341

Summary

The TopScorer WordPress theme has a security issue that allows hackers to access local files on a website. This could potentially allow an attacker to steal sensitive information or disrupt the site. Update the theme to version 1.3 or later to fix this issue.

Original title

Original description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2.

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/topscorer/vulnerability/wordpres...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026