CVE-2026-22364
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It affects WordPress sites using the SevenTrees theme version 1.0.2 and earlier, potentially enabling attackers to read sensitive files or execute arbitrary code.
💻 Affected Systems
- WordPress SevenTrees Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data exfiltration, and lateral movement within the network.
Likely Case
Local file inclusion allowing reading of sensitive configuration files (wp-config.php, /etc/passwd) and potential information disclosure.
If Mitigated
Limited impact if proper file permissions and web server configurations restrict access to sensitive directories.
🎯 Exploit Status
Simple path traversal techniques can exploit this vulnerability. Public exploit code is available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: >1.0.2
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/seventrees/vulnerability/wordpress-seventrees-theme-1-0-2-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Appearance > Themes
3. Check if SevenTrees theme is installed
4. If version <=1.0.2, update to latest version or remove the theme
5. Replace with alternative theme if update not available
🔧 Temporary Workarounds
Theme Deactivation
Temporarily switch to a maintained default theme (WP-CLI has no "deactivate" subcommand for single sites; activating another theme deactivates the current one), then remove SevenTrees so its files are no longer reachable by direct request:
wp theme activate twentytwentyfour
wp theme delete seventrees
File Permission Restriction
Restrict file-system access to sensitive files. The PHP process must still be able to read wp-config.php, so this limits exposure to other local accounts rather than to inclusion by the vulnerable theme itself:
chmod 600 wp-config.php
Do not tighten /etc/ itself: the operating system and PHP need /etc/ world-readable, and chmod 700 /etc/ breaks the host without blocking inclusion of any file the web server user can read.
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block LFI patterns and path traversal attempts
- Disable the theme completely and use a different WordPress theme
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel under Appearance > Themes for SevenTrees theme version <=1.0.2
Check Version:
wp theme list --name=seventrees --field=version
Verify Fix Applied:
Verify theme version is >1.0.2 or theme is completely removed from wp-content/themes/ directory
📡 Detection & Monitoring
Log Indicators:
- Unusual include/require statements in PHP error logs
- Requests with ../ patterns in URL parameters
- Access attempts to wp-config.php or other sensitive files
Network Indicators:
- HTTP requests with path traversal sequences (../, ..\) in query parameters
- Requests to theme files with unusual parameters
SIEM Query:
source="web_logs" AND (url="*../*" OR url="*..\\*" OR url="*wp-config.php*") AND user_agent!="*bot*"
This query matches only literal traversal sequences, so it misses percent-encoded forms (e.g. %2e%2e%2f) unless the log pipeline decodes URLs before indexing, and the user_agent!="*bot*" clause drops every request whose user agent contains "bot", hostile ones included; remove that clause and suppress crawler noise by allow-listing known crawler source ranges instead.
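As an added example, not code from the advisory, the following Python script applies the Log Indicators and Network Indicators above to constructed access-log lines: it percent-decodes URLs until stable (so double-encoded traversal is caught), folds backslashes to slashes, and flags traversal sequences, sensitive-file names, and parameterised requests to the theme directory without excluding "bot" user agents. The log lines, the theme path /wp-content/themes/seventrees/ and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not taken from the advisory.
# Line 2 is percent-encoded and carries a "bot" user agent, which the SIEM query above would skip.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2026:10:00:01 +0000] "GET /wp-content/themes/seventrees/index.php?file=../../../../wp-config.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2026:10:00:02 +0000] "GET /wp-content/themes/seventrees/index.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
198.51.100.7 - - [10/Jan/2026:10:00:03 +0000] "GET /wp-content/themes/seventrees/style.css HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Jan/2026:10:00:04 +0000] "GET /?p=12 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TRAVERSAL_RE = re.compile(r"\.\./")
SENSITIVE_RE = re.compile(r"wp-config\.php|/etc/passwd", re.IGNORECASE)
THEME_PREFIX = "/wp-content/themes/seventrees/"  # assumed theme directory for this CVE

def normalize(url: str) -> str:
    """Percent-decode until the string stops changing (catches double encoding), then fold '\\' to '/'."""
    prev, cur = None, url
    while cur != prev:
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")

def classify(line: str):
    """Parse one log line and return a record listing every indicator it triggered (empty list if none)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = normalize(m.group("url"))
    reasons = []
    if TRAVERSAL_RE.search(url):
        reasons.append("path_traversal")
    if SENSITIVE_RE.search(url):
        reasons.append("sensitive_file")
    if url.startswith(THEME_PREFIX) and "?" in url:
        reasons.append("theme_file_with_params")
    # The user agent is kept for triage only; it is never used to exclude requests.
    return {"ip": m.group("ip"), "url": url, "status": m.group("status"),
            "ua": m.group("ua"), "reasons": reasons}

def find_lfi_attempts(log_text: str):
    """Return only the parsed records that triggered at least one indicator."""
    return [r for r in map(classify, log_text.splitlines()) if r and r["reasons"]]
```

Calling find_lfi_attempts(SAMPLE_LOG) returns the first two records, each with all three indicators, while the plain theme asset and the normal page request are not flagged.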