PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57790 ThemeMove CVE debrief

CVE-2026-57790 is a HIGH severity vulnerability in the Billey theme, affecting PHP Local File Inclusion. The issue is caused by Improper Control of Filename for Include/Require Statement in PHP Program. This vulnerability has a CVSS score of 7.5. The vulnerability affects Billey theme version 2.1.8 or earlier. Users of Billey theme should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. The CVE record was published on 2026-07-13T10:16:43.030Z and has not been modified since then.

Vendor
ThemeMove
Product
Billey
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of Billey theme version 2.1.8 or earlier should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. Operators of affected systems should review the official CVE record and NVD entry for more information. Vulnerability management and security teams should prioritize patching or mitigating this vulnerability.

Technical summary

The vulnerability, CVE-2026-57790, is caused by Improper Control of Filename for Include/Require Statement in PHP Program, leading to PHP Local File Inclusion. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability affects Billey theme version 2.1.8 or earlier. The vulnerability has a CVSS score of 7.5.

Defensive priority

High priority should be given to patching or mitigating this vulnerability in Billey theme version 2.1.8 or earlier.

Recommended defensive actions

  • Apply patches or updates to Billey theme version 2.1.8 or earlier.
  • Implement compensating controls to prevent PHP Local File Inclusion attacks.
  • Monitor for potential exploitation attempts.
  • Review the official CVE record and NVD entry for more information.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-13T10:16:43.030Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability affects Billey theme version 2.1.8 or earlier. Users should review the official CVE record and NVD entry for more information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:43.030Z and has not been modified since then. The NVD entry is currently Received.