PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57801 Select-Themes CVE debrief

A vulnerability was found in the SetSail theme for WordPress, affecting versions up to and including 2.1. This issue allows for PHP Local File Inclusion due to improper control of filenames for include/require statements, categorized as a PHP Remote File Inclusion vulnerability. The vulnerability's CVSS score is 7.5, indicating a high severity level. Users and administrators of WordPress installations using the SetSail theme should review their deployments for potential exposure and take immediate action to mitigate risks. Evidence for this vulnerability comes from the NVD and Patchstack, providing a reliable basis for this assessment. Further verification is recommended to confirm affected deployments and assess potential impact. The CVE record was published on 2026-07-13T10:16:44.337Z and has not been modified since.

Vendor
Select-Themes
Product
SetSail
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of the SetSail theme for WordPress, particularly those with version 2.1 or earlier installed, should be aware of this vulnerability and take necessary precautions.

Technical summary

The SetSail theme for WordPress, version 2.1 and earlier, is vulnerable to PHP Local File Inclusion. This is due to improper control of filenames in include/require statements, which can be exploited for PHP Remote File Inclusion attacks. The vulnerability's CVSS score is 7.5, indicating a high severity level.

Defensive priority

High priority should be given to updating the SetSail theme to a version that fixes this vulnerability and restricting access to sensitive files and directories to mitigate potential attacks.

Recommended defensive actions

  • Update the SetSail theme to the latest version available.
  • Restrict access to sensitive files and directories.
  • Monitor for suspicious activity related to file inclusion.

Evidence notes

Evidence for this vulnerability comes from the NVD and Patchstack. The CVE record was published on 2026-07-13T10:16:44.337Z and has not been modified since. The NVD entry is currently Received. Further verification is recommended to confirm affected deployments and assess potential impact.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:44.337Z and has not been modified since.