AncoraThemes Blabber blabber allows attackers to read any PHP file on your server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

AncoraThemes Blabber blabber allows attackers to read any PHP file on your server

CVE-2026-22378

Summary

A security issue in AncoraThemes Blabber blabber allows hackers to view and potentially access sensitive information on your server by exploiting a file inclusion flaw. This could lead to unauthorized access to your site's code and data. To protect your site, update to a fixed version of Blabber blabber or contact your developer to address this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affe...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/blabber/vulnerability/wordpress-...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026