Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion. This issue affects Biolife: from n/a through <= 3.2.3.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Local File Inclusion
Action: Patch
AI Analysis

Impact

The CVE identifies an improper control of the filename used in PHP include/require statements within the Biolife theme, classified as CWE-98, allowing Local File Inclusion that can expose sensitive server files or enable code execution. The description states the issue permits PHP Local File Inclusion.

Affected Systems

The Biolife theme for WordPress, supplied by kutethemes, is affected in all releases up to and including 3.2.3, as the vulnerability exists from the theme's initial release. Users running these versions should be aware that the flaw is present throughout that range.

Risk and Exploitability

No CVSS score is available, EPSS is not reported, and the vulnerability is not in the KEV catalog. The description suggests that the issue can be triggered via crafted inputs into the theme's include logic, implying a remote web-facing attack vector. Without further data, the likelihood of exploitation cannot be precisely assessed.

Generated by OpenCVE AI on April 8, 2026 at 09:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Biolife theme to any version newer than 3.2.3.
  • If an immediate update is not possible, modify the theme's code to use absolute paths or remove the vulnerable include functionality.
  • Consider deploying a web application firewall to block or rate‑limit suspicious LFI requests.



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Kutethemes, Kutethemes biolife, Wordpress, Wordpress wordpress |
| Vendors & Products | | Kutethemes, Kutethemes biolife, Wordpress, Wordpress wordpress |

Wed, 08 Apr 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion. This issue affects Biolife: from n/a through <= 3.2.3. |
| Title | | WordPress Biolife theme <= 3.2.3 - Local File Inclusion vulnerability |
| Weaknesses | | CWE-98 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:26.741Z

Reserved: 2026-04-07T10:57:36.650Z

Link: CVE-2026-39623

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:32.547

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39623

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:41:52Z

Weaknesses