CVE-2026-39522EUVD-2026-3747217.06.2026, 13:20Unauthenticated Local File Inclusion in Solene <= 3.4 versions.PHP Remote File InclusionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTPrimary8.1 HIGHNETWORKHIGHNONECVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HAwaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: 33%Common Weakness EnumerationCWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.Referenceshttps://patchstack.com/database/wordpress/theme/solene/vulnerability/wordpress-solene-theme-3-4-local-file-inclusion-vulnerability?_s_id=cve