PatchSiren

stmcan CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH stmcan CVE published 2026-07-13

CVE-2026-57745

CVE-2026-57745 is a Reflected Cross-Site Scripting (XSS) vulnerability in RT-Theme 18 | Extensions. The issue affects RT-Theme 18 | Extensions from n/a through version 2.5. This type of vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized actions or data theft. Users of RT-Theme 18 | Extensions, especially those with versions up to 2.5, sho [truncated]

CRITICAL stmcan CVE published 2026-07-13

CVE-2026-57744

A Deserialization of Untrusted Data vulnerability exists in stmcan RT-Theme 18 | Extensions rt18-extensions, potentially allowing Object Injection. The issue affects RT-Theme 18 | Extensions from n/a through version 2.5. The vulnerability has a CVSS score of 9.8 and is classified as CRITICAL. This vulnerability could allow an attacker to inject malicious objects, potentially leading to arbitrary code exec [truncated]

HIGH stmcan CVE published 2026-07-13

CVE-2026-57743

CVE-2026-57743 is a PHP Remote File Inclusion vulnerability in RT-Theme 18 | Extensions, allowing for PHP Local File Inclusion. The vulnerability has a CVSS score of 8.1 and is considered HIGH severity. Users of RT-Theme 18 | Extensions up to version 2.5 should prioritize patching this vulnerability. The official CVE record and NVD detail page provide additional context. The vulnerability affects RT-Theme [truncated]