PatchSiren cyber security CVE debrief
CVE-2026-57790 ThemeMove CVE debrief
CVE-2026-57790 is a HIGH severity vulnerability in the Billey theme, affecting PHP Local File Inclusion. The issue is caused by Improper Control of Filename for Include/Require Statement in PHP Program. This vulnerability has a CVSS score of 7.5. The vulnerability affects Billey theme version 2.1.8 or earlier. Users of Billey theme should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. The CVE record was published on 2026-07-13T10:16:43.030Z and has not been modified since then.
- Vendor
- ThemeMove
- Product
- Billey
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Billey theme version 2.1.8 or earlier should apply patches or mitigations to prevent potential PHP Local File Inclusion attacks. Operators of affected systems should review the official CVE record and NVD entry for more information. Vulnerability management and security teams should prioritize patching or mitigating this vulnerability.
Technical summary
The vulnerability, CVE-2026-57790, is caused by Improper Control of Filename for Include/Require Statement in PHP Program, leading to PHP Local File Inclusion. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability affects Billey theme version 2.1.8 or earlier. The vulnerability has a CVSS score of 7.5.
Defensive priority
High priority should be given to patching or mitigating this vulnerability in Billey theme version 2.1.8 or earlier.
Recommended defensive actions
- Apply patches or updates to Billey theme version 2.1.8 or earlier.
- Implement compensating controls to prevent PHP Local File Inclusion attacks.
- Monitor for potential exploitation attempts.
- Review the official CVE record and NVD entry for more information.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-07-13T10:16:43.030Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability affects Billey theme version 2.1.8 or earlier. Users should review the official CVE record and NVD entry for more information.
Official resources
-
CVE-2026-57790 CVE record
CVE.org
-
CVE-2026-57790 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:43.030Z and has not been modified since then. The NVD entry is currently Received.