PatchSiren cyber security CVE debrief
CVE-2026-57805 Select-Themes CVE debrief
CVE-2026-57805 is a HIGH severity vulnerability in Tonda theme, a PHP Local File Inclusion vulnerability. The CVE record was published on 2026-07-13T10:16:44.807Z and has not been modified since then. The vulnerability allows attackers to include local files via a manipulated filename, potentially leading to unauthorized access or code execution. Users of Tonda theme should be aware of this vulnerability and take necessary precautions.
- Vendor
- Select-Themes
- Product
- Tonda
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Tonda theme, security teams, and operators of affected systems should be aware of this vulnerability. They should verify Tonda theme versions, review file inclusion controls, and monitor for suspicious activity. This vulnerability may impact system confidentiality, integrity, and availability.
Technical summary
CVE-2026-57805 is a PHP Local File Inclusion vulnerability in Tonda theme, allowing attackers to include local files via a manipulated filename. This vulnerability has a HIGH CVSS score of 7.5, indicating a high severity. The vulnerability is caused by improper control of filename for include/require statement in PHP program.
Defensive priority
High priority due to HIGH CVSS score of 7.5 and potential impact on system confidentiality, integrity, and availability.
Recommended defensive actions
- Verify Tonda theme version and apply patch if available
- Restrict file inclusion to trusted sources
- Monitor for suspicious file inclusion attempts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
Evidence from Patchstack and NVD suggests a PHP Local File Inclusion vulnerability in Tonda theme. The vulnerability allows attackers to include local files via a manipulated filename. Defenders should verify Tonda theme versions, review file inclusion controls, and monitor for suspicious activity. Limited evidence suggests potential impact on Tonda theme users.
Official resources
-
CVE-2026-57805 CVE record
CVE.org
-
CVE-2026-57805 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:44.807Z and has not been modified since then.