{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27065", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-17T13:23:42.767Z", "datePublished": "2026-03-19T08:39:06.032Z", "dateUpdated": "2026-05-13T00:33:15.552Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "builderpress", "product": "BuilderPress", "vendor": "ThimPress", "versions": [{"lessThanOrEqual": "2.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:44:03.067Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.<p>This issue affects BuilderPress: from n/a through <= 2.0.1.</p>"}], "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:15:01.110Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/builderpress/vulnerability/wordpress-builderpress-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T13:52:47.129860Z", "id": "CVE-2026-27065", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T00:33:15.552Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27065", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-19T13:52:47.129860Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T13:53:42.872Z"}}], "cna": {"title": "WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ThimPress", "product": "BuilderPress", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.0.1"}], "packageName": "builderpress", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:44:03.067Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/builderpress/vulnerability/wordpress-builderpress-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.<p>This issue affects BuilderPress: from n/a through <= 2.0.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:15:01.110Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27065", "state": "PUBLISHED", "dateUpdated": "2026-05-13T00:33:15.552Z", "dateReserved": "2026-02-17T13:23:42.767Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-19T08:39:06.032Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1."}, {"lang": "es", "value": "La vulnerabilidad de 'Control inadecuado del nombre de fichero para la declaraci\u00f3n Include/Require en el programa PHP' ('inclusi\u00f3n remota de ficheros PHP') en ThimPress BuilderPress permite la inclusi\u00f3n local de ficheros PHP. Este problema afecta a BuilderPress: desde n/a hasta 2.0.1."}], "id": "CVE-2026-27065", "lastModified": "2026-04-23T15:37:15.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-03-19T09:16:17.807", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/builderpress/vulnerability/wordpress-builderpress-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "builderpress", "vendor": "thimpress"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T17:23:34.097299+00:00", "value": {"mitigation_remediation": ["Update the BuilderPress plugin to a release newer than 2.0.1.", "If an update is not yet available, restrict writable directories and remove the ability to specify arbitrary file paths in the plugin configuration.", "Implement a web application firewall rule that blocks requests containing suspicious path traversal sequences.", "Verify that the WordPress core and all other plugins are up\u2011to\u2011date and that no other modules expose similar include functionality."], "summary": {"action": "Immediate Patch", "impact": "Local File Inclusion, potential read of sensitive files or execution"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in all installations of the ThimPress BuilderPress WordPress plugin up to and including version 2.0.1. The affected product is the BuilderPress plugin for WordPress, supplied by ThimPress.", "description_and_impact": "The flaw stems from unsanitised input that is directly used in an include or require statement in the BuilderPress plugin. A carefully crafted request can cause the plugin to include any file located on the server. This allows an attacker to read configuration files, passwords, or other sensitive data, and if the attacker can point the include to a malicious PHP file, arbitrary code execution on the web server may result. The weakness aligns with CWE\u201198: Improper Control of Filename for Include/Require Statement.", "risk_and_exploitability": "The CVSS score is 9.8, but the EPSS rating indicates a probability of exploitation of less than 1\u202f%. The issue is not currently included in the CISA Known Exploited Vulnerabilities catalog. The most likely attack vector is a remote user sending a crafted HTTP request that triggers the vulnerable include path, which can be performed without authentication. Although the exploit probability is low, the impact could be severe if the attacker gains access to confidential files or achieves code execution."}}}}, "created": "2026-03-20T08:57:02.301575+00:00", "updated": "2026-04-28T17:30:10.621087+00:00", "vendors": ["thimpress", "thimpress$PRODUCT$builderpress", "wordpress", "wordpress$PRODUCT$wordpress"]}