PatchSiren cyber security CVE debrief
CVE-2026-57801 Select-Themes CVE debrief
A vulnerability was found in the SetSail theme for WordPress, affecting versions up to and including 2.1. This issue allows for PHP Local File Inclusion due to improper control of filenames for include/require statements, categorized as a PHP Remote File Inclusion vulnerability. The vulnerability's CVSS score is 7.5, indicating a high severity level. Users and administrators of WordPress installations using the SetSail theme should review their deployments for potential exposure and take immediate action to mitigate risks. Evidence for this vulnerability comes from the NVD and Patchstack, providing a reliable basis for this assessment. Further verification is recommended to confirm affected deployments and assess potential impact. The CVE record was published on 2026-07-13T10:16:44.337Z and has not been modified since.
- Vendor
- Select-Themes
- Product
- SetSail
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of the SetSail theme for WordPress, particularly those with version 2.1 or earlier installed, should be aware of this vulnerability and take necessary precautions.
Technical summary
The SetSail theme for WordPress, version 2.1 and earlier, is vulnerable to PHP Local File Inclusion. This is due to improper control of filenames in include/require statements, which can be exploited for PHP Remote File Inclusion attacks. The vulnerability's CVSS score is 7.5, indicating a high severity level.
Defensive priority
High priority should be given to updating the SetSail theme to a version that fixes this vulnerability and restricting access to sensitive files and directories to mitigate potential attacks.
Recommended defensive actions
- Update the SetSail theme to the latest version available.
- Restrict access to sensitive files and directories.
- Monitor for suspicious activity related to file inclusion.
Evidence notes
Evidence for this vulnerability comes from the NVD and Patchstack. The CVE record was published on 2026-07-13T10:16:44.337Z and has not been modified since. The NVD entry is currently Received. Further verification is recommended to confirm affected deployments and assess potential impact.
Official resources
-
CVE-2026-57801 CVE record
CVE.org
-
CVE-2026-57801 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:44.337Z and has not been modified since.