Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Lingvico Theme: Unintended File Access Through Malicious File Names
CVE-2026-27996
Summary
The Lingvico theme for WordPress is at risk of allowing hackers to access and read files on your website if they know the correct file name. This could potentially allow them to steal sensitive information. To fix this, update to the latest version of the Lingvico theme.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affect...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affects Lingvico: from n/a through <= 1.0.14.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026