Mikado-Themes Holmes theme allows hackers to access local files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Mikado-Themes Holmes theme allows hackers to access local files

CVE-2026-22399

Summary

A security issue in the Mikado-Themes Holmes theme could allow hackers to access and view sensitive files on a website. This is a concern for website administrators, as it could lead to unauthorized access to confidential information. To fix this issue, update the Holmes theme to a version newer than 1.7.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affec...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/holmes/vulnerability/wordpress-h...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026