CVE-2026-27339 HIGH

CVE-2026-27339: WordPress Buzz Stone | Magazine & Viral Blog WordPress Theme theme <= 1.0.2 - Local File Inclusion vulnerability

Vendor Ancorathemes
Product Buzz Stone | Magazine & Viral Blog WordPress Theme
Weakness CWE-98 · PHP file inclusion
Published March 5, 2026
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue affects Buzz Stone | Magazine & Viral Blog WordPress Theme: from n/a through <= 1.0.2.

Explanation of Vulnerability in Simple Terms

02Summary

The Buzz Stone WordPress theme contains a vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service. The flaw requires specific network conditions to exploit but does not require user interaction. All versions up to 1.0.2 are affected. Site administrators should update immediately when a patch becomes available.

What an attacker can do

03Attacker Capabilities

Read sensitive data, modify site content, or cause the site to become unavailable without needing to log in.

Potential impact on your site

04Site Impact

Attackers could steal data, deface your site, or take it offline without any credentials or user interaction.

Conditions required to exploit

05Prerequisites

Network access to the site; specific network conditions must be present (attack complexity is high).

Key dates

06Disclosure timeline

March 5, 2026 CVE published
April 28, 2026 Record updated