{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27079", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-17T13:23:58.963Z", "datePublished": "2026-03-25T16:14:55.169Z", "dateUpdated": "2026-03-25T16:14:55.169Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "amfissa", "product": "Amfissa", "vendor": "Mikado-Themes", "versions": [{"lessThanOrEqual": "<= 1.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:34.788Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.<p>This issue affects Amfissa: from n/a through <= 1.1.</p>"}], "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:55.169Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/amfissa/vulnerability/wordpress-amfissa-theme-1-1-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1."}], "id": "CVE-2026-27079", "lastModified": "2026-03-25T17:16:55.443", "metrics": {}, "published": "2026-03-25T17:16:55.443", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/amfissa/vulnerability/wordpress-amfissa-theme-1-1-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "amfissa", "vendor": "mikado-themes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-25T18:43:08.301001+00:00", "value": {"mitigation_remediation": ["Update the Amfissa theme to the latest version (1.2 or newer) to remove the vulnerable file inclusion code."], "summary": {"action": "Apply Immediate Update", "impact": "Local File Inclusion that could expose private data or enable execution of malicious code"}, "threat_synthesis": {"affected_systems": "Mikado\u2011Themes Amfissa themes up to and including version 1.1 are affected. This applies to all WordPress installations that have the Amfissa theme installed and are running a version at or below 1.1.", "description_and_impact": "The Amfissa theme contains an improper control of filenames in a PHP include/require statement, which allows a local file inclusion vulnerability. An attacker who can influence the path used in the include may read arbitrary files from the server, potentially leaking sensitive configuration or credential details. If the attacker can supply a file containing PHP code, they could achieve remote code execution, compromising the entire site.", "risk_and_exploitability": "The CVSS score is not provided, and no EPSS score is available, but the vulnerability allows local file inclusion and may lead to code execution. The attack vector is inferred to be through publicly accessible web requests that are processed by the theme without proper path sanitization. As it is not listed in CISA\u2019s KEV catalog, there is no record of active exploitation, yet the nature of the flaw warrants prompt remediation."}}}}, "created": "2026-03-25T21:43:57.989363+00:00", "updated": "2026-03-26T11:37:55.907067+00:00", "vendors": ["mikado-themes", "mikado-themes$PRODUCT$amfissa", "wordpress", "wordpress$PRODUCT$wordpress"]}