PatchSiren cyber security CVE debrief
CVE-2026-57803 Select-Themes CVE debrief
CVE-2026-57803 is a HIGH severity vulnerability (CVSS Score: 7.5) in the Struktur Core plugin, allowing for PHP Local File Inclusion due to improper control of filenames for include/require statements. The vulnerability affects Struktur Core from n/a through version 2.5.1. Users of Struktur Core plugin version 2.5.1 or earlier should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. The CVE record was published on 2026-07-13T10:16:44.567Z and has not been modified since then. Affected product deployments should be identified in managed environments, and owners should be assigned for follow-up.
- Vendor
- Select-Themes
- Product
- Struktur Core
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Struktur Core plugin version 2.5.1 or earlier should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. Affected operators, platforms, vulnerability-management teams, and security teams should review the vulnerability and take necessary actions to protect their environments.
Technical summary
CVE-2026-57803 is a HIGH severity vulnerability (CVSS Score: 7.5) in the Struktur Core plugin, allowing for PHP Local File Inclusion due to improper control of filenames for include/require statements. The vulnerability affects Struktur Core from n/a through version 2.5.1. This issue can be mitigated by applying patches or updates for Struktur Core plugin version 2.5.1 or earlier and restricting file inclusion to only trusted sources.
Defensive priority
Apply patches or updates for Struktur Core plugin version 2.5.1 or earlier to prevent potential PHP Local File Inclusion attacks. Restrict file inclusion to only trusted sources and monitor for suspicious file inclusion attempts.
Recommended defensive actions
- Apply patches or updates for Struktur Core plugin version 2.5.1 or earlier.
- Restrict file inclusion to only trusted sources.
- Monitor for suspicious file inclusion attempts.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record and NVD entry provide limited information about the vulnerability. Further investigation and verification are necessary to fully understand the scope and impact of CVE-2026-57803. The vulnerability affects Struktur Core plugin versions from n/a through 2.5.1, allowing for PHP Local File Inclusion due to improper control of filenames for include/require statements. Defenders should verify the presence of affected product deployments in managed environments and review official advisories for validation of affected scope, severity, and vendor guidance.
Official resources
-
CVE-2026-57803 CVE record
CVE.org
-
CVE-2026-57803 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:44.567Z and has not been modified since then.