Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Mikado-Themes Cocco cocco Exposes Local Files via Malicious File Requests
CVE-2026-22389
Summary
A security issue in Cocco, a WordPress theme, allows hackers to access and view local files on a website. This can be a concern for website owners who use Cocco, as it could potentially expose sensitive information. To protect your site, update Cocco to version 1.5.2 or later.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 1.5.1.
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026