Description
Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
Published: 2026-06-17
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability permits an unauthenticated attacker to influence the file path used in the Reprizo theme, enabling local file inclusion. The flaw can allow the attacker to read sensitive files such as configuration files or contain sensitive data. The weakness corresponds to CWE‑98, which focuses on improper validation of file paths, leading to potential data disclosure and, in some scenarios, escalation of privilege.

Affected Systems

The flaw affects the AxiomThemes Reprizo theme versions up to and including 1.0.8. Any WordPress installation running this theme or its earlier releases is potentially vulnerable. No other versions or products were listed as affected.

Risk and Exploitability

With a CVSS score of 8.1, the vulnerability represents high severity. While the current EPSS score is not available, the lack of a KEV listing suggests that no widespread exploitation has been publicly reported yet. Nevertheless, the vulnerability is exploitable without authentication by submitting crafted requests that manipulate file paths within the theme, so the risk remains significant and the exploitation window should not be ignored.

Generated by OpenCVE AI on June 18, 2026 at 12:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Reprizo theme to the latest available version (any release newer than 1.0.8).
  • If an upgrade is not feasible immediately, remove the Reprizo theme and switch to an alternative theme to eliminate the vulnerability surface.
  • As a temporary mitigation, restrict direct access to the theme’s configuration files via .htaccess or server rules, and disable any file inclusion features exposed by the theme until a patch can be applied.

Generated by OpenCVE AI on June 18, 2026 at 12:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Axiomthemes
Axiomthemes reprizo
Wordpress
Wordpress wordpress
Vendors & Products Axiomthemes
Axiomthemes reprizo
Wordpress
Wordpress wordpress

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Local File Inclusion in Reprizo <= 1.0.8 versions.
Title WordPress Reprizo theme <= 1.0.8 - Local File Inclusion vulnerability
Weaknesses CWE-98
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Axiomthemes Reprizo
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T15:32:01.463Z

Reserved: 2026-01-07T12:21:02.765Z

Link: CVE-2026-22326

cve-icon Vulnrichment

Updated: 2026-06-17T13:36:43.077Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:42:10Z

Weaknesses
  • CWE-98

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')