CVE-2026-22368
📋 TL;DR
This CVE describes a PHP Local File Inclusion vulnerability in the Redy WordPress theme by axiomthemes, allowing attackers to include arbitrary local files via improper filename control in include/require statements. It affects all versions up to and including 1.0.2, potentially enabling unauthorized access to sensitive files on the server. Users of the Redy theme on WordPress sites are at risk if the vulnerable version is installed.
💻 Affected Systems
- axiomthemes Redy WordPress theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution by including malicious PHP files, leading to data theft, site defacement, or malware deployment.
Likely Case
Unauthorized access to sensitive local files (e.g., configuration files, logs) containing credentials or other private data, potentially escalating to further attacks.
If Mitigated
Limited impact if file permissions are restricted and input validation blocks malicious paths, but residual risk of information disclosure may persist.
🎯 Exploit Status
Exploitation likely involves simple HTTP requests to trigger file inclusion; no authentication is required, making it easy for attackers to attempt.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 1.0.2 (check vendor for specific fixed version)
Vendor Advisory: https://patchstack.com/database/Wordpress/Theme/redy/vulnerability/wordpress-redy-theme-1-0-2-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check for updates to the Redy theme.
4. If an update is available, apply it immediately.
5. Alternatively, replace the theme with a secure version or remove it if unused.
🔧 Temporary Workarounds
Disable or Remove Theme
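Temporarily disable or delete the Redy theme to eliminate the vulnerability until patching is possible. WP-CLI has no "theme deactivate" subcommand, so switch the site to another installed theme first (<replacement-theme> is a placeholder), then delete Redy.
wp theme activate <replacement-theme>
wp theme delete redy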
Restrict File Inclusion Paths
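Modify PHP configuration to limit include paths and disable allow_url_include if enabled. allow_url_include only governs URL wrappers in include/require, so open_basedir is the setting that limits which local files an include can reach.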
Edit php.ini to set: allow_url_include = Off
Set open_basedir to restrict accessible directories
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block requests with suspicious file inclusion patterns.
- Monitor and audit file access logs for unusual activity related to include/require statements.
🔍 How to Verify
Check if Vulnerable:
Check the theme version in WordPress admin under Appearance > Themes; if Redy version is 1.0.2 or earlier, it is vulnerable.
Check Version:
wp theme list --name=redy --field=version
Verify Fix Applied:
After updating, confirm the theme version is above 1.0.2 and test by attempting to trigger file inclusion via controlled inputs.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to theme files with parameters like 'file=' or 'include=' pointing to local paths
- Errors in PHP logs related to failed file inclusions or permission denials
Network Indicators:
- Spikes in requests to theme-specific URLs, especially with encoded paths or traversal sequences (e.g., '../')
SIEM Query:
source="web_logs" AND (url="*redy*" AND (param="*file*" OR param="*include*")) AND status=200
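The log indicators above can also be checked offline against a web server access log. The script below is an added example, not part of the original advisory or any vendor tooling; it assumes Combined Log Format and a theme path containing "redy", and the sample lines, including the file name example.php, are constructed. It decodes parameter values repeatedly so double-encoded traversal sequences are caught as well.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# A decoded value that climbs directories or names an absolute local path.
SUSPICIOUS = re.compile(r'\.\.[/\\]|^/')

# Constructed sample lines (not real traffic; example.php is a placeholder).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2026:10:00:01 +0000] "GET /wp-content/themes/redy/style.css?ver=1.0.2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2026:10:00:05 +0000] "GET /wp-content/themes/redy/example.php?file=..%2f..%2f..%2fwp-config.php HTTP/1.1" 200 3391',
    '203.0.113.9 - - [10/Jan/2026:10:00:06 +0000] "GET /wp-content/themes/redy/example.php?include=%252e%252e%252fwp-config.php HTTP/1.1" 403 199',
    '198.51.100.4 - - [10/Jan/2026:10:00:09 +0000] "GET /wp-content/themes/other/a.php?file=../x HTTP/1.1" 200 10',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded in depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line, theme="redy"):
    """Return (ip, status, param, decoded_value) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    parts = urlsplit(target)
    if theme not in parts.path.lower():
        return None
    # parse_qsl decodes once; fully_decode handles any remaining layers.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)
        if SUSPICIOUS.search(decoded):
            return ip, int(status), name, decoded
    return None

def scan(lines):
    """Return every flagged request; status 200 hits deserve review first."""
    return [hit for hit in map(flag_line, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Unlike the SIEM query, this keeps non-200 responses in the results, since blocked or failed attempts still show that the site is being probed.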