What the vulnerability does
01Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68.
Explanation of Vulnerability in Simple Terms
02Summary
The Ronneby Theme Core contains a vulnerability that allows authenticated users with low privileges to read sensitive data, modify site content, or disrupt service. The flaw requires network access and non-trivial attack complexity. All versions up to 1.5.68 are affected. A patch status is unknown; contact the vendor for updates.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify site content, or cause service disruption on the affected site.
Potential impact on your site
04Site Impact
Authenticated users can access restricted data, alter pages/posts, or crash the site depending on their role.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
06Disclosure timeline
December 9, 2025
CVE published
April 28, 2026
Record updated