{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32393", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-03-12T11:11:09.667Z", "datePublished": "2026-03-13T11:42:10.976Z", "dateUpdated": "2026-04-29T09:51:58.827Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "greenly-addons", "product": "Greenly Theme Addons", "vendor": "Creatives_Planet", "versions": [{"changes": [{"at": "8.2", "status": "unaffected"}], "lessThanOrEqual": "8.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:21.148Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.<p>This issue affects Greenly Theme Addons: from n/a through < 8.2.</p>"}], "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-29T09:51:58.827Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/greenly-addons/vulnerability/wordpress-greenly-theme-addons-plugin-8-2-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress Greenly Theme Addons plugin < 8.2 - Local File Inclusion vulnerability"}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T13:30:10.860769Z", "id": "CVE-2026-32393", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:30:15.377Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32393", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-17T13:30:10.860769Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T13:30:07.967Z"}}], "cna": {"title": "WordPress Greenly Theme Addons plugin < 8.2 - Local File Inclusion vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "affected": [{"vendor": "Creatives_Planet", "product": "Greenly Theme Addons", "versions": [{"status": "affected", "changes": [{"at": "8.2", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "< 8.2"}], "packageName": "greenly-addons", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-03-13T12:41:14.063Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/greenly-addons/vulnerability/wordpress-greenly-theme-addons-plugin-8-2-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.<p>This issue affects Greenly Theme Addons: from n/a through < 8.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-13T11:42:10.976Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32393", "state": "PUBLISHED", "dateUpdated": "2026-03-17T13:30:15.377Z", "dateReserved": "2026-03-12T11:11:09.667Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-13T11:42:10.976Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2."}, {"lang": "es", "value": "Control inadecuado del nombre de fichero para la declaraci\u00f3n Include/Require en un programa PHP, vulnerabilidad ('inclusi\u00f3n remota de ficheros PHP') en Creatives_Planet Greenly Theme Addons greenly-addons permite la inclusi\u00f3n local de ficheros PHP. Este problema afecta a Greenly Theme Addons: desde n/a hasta &lt; 8.2."}], "id": "CVE-2026-32393", "lastModified": "2026-04-22T21:30:26.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-13T19:54:54.857", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/greenly-addons/vulnerability/wordpress-greenly-theme-addons-plugin-8-2-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Greenly Theme Addons", "source": "cna", "vendor": "Creatives_Planet"}, "product": "greenly_theme_addons", "vendor": "creatives_planet"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-17T17:21:23.241672+00:00", "value": {"mitigation_remediation": ["Upgrade Greenly Theme Addons to version 8.2 or later", "If an upgrade is not immediately possible, consider disabling or removing the plugin to eliminate the vulnerability", "Verify the server filesystem for any unexpected files that may have been exposed if the vulnerability was exploited", "Monitor web application logs for anomalous file inclusion attempts or unauthorized access patterns"], "summary": {"action": "Patch Immediately", "impact": "Local File Inclusion (Potential RCE)"}, "threat_synthesis": {"affected_systems": "Affected product: Creatives_Planet Greenly Theme Addons. All versions from the initial release up to, but not including, version 8.2 are vulnerable. Any installation using Greenly Theme Addons less than 8.2 is potentially exposed.", "description_and_impact": "The vulnerability is an Improper Control of Filename for Include/Require Statement in PHP, allowing a Local File Inclusion attack in the Greenly Theme Addons plugin of WordPress. This flaw corresponds to CWE-98 and can enable an attacker to include arbitrary files from the server, potentially exposing sensitive data or executing malicious code under the web server\u2019s permission. The impact therefore spans from compromised confidentiality to complete code execution, depending on the files that can be targeted.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity level. The EPSS score is less than 1%, suggesting that the likelihood of exploitation observed in the wild is low at present, and it is not listed in the CISA KEV catalog. However, the attack vector is inferred as a local inclusion triggered via input parameters handled by the plugin; an attacker might need some level of authenticated access or ability to influence the inclusion path, but could also be exploited by publicly accessible URLs if the plugin does not properly sanitize input. Given the high potential impact, it is recommended to address the flaw promptly."}}}}, "created": "2026-03-16T09:34:18.632421+00:00", "updated": "2026-03-23T12:04:08.240513+00:00", "vendors": ["creatives_planet", "creatives_planet$PRODUCT$greenly_theme_addons", "wordpress", "wordpress$PRODUCT$wordpress"]}