CVE-2026-57792

Mikado-Themes · Dør

The Dør WordPress theme contains a Local File Inclusion (LFI) vulnerability resulting from improper validation of filenames used in include/require functions.

Executive summary

A Local File Inclusion vulnerability in the Mikado-Themes Dør WordPress theme allows authenticated attackers to potentially access sensitive files or execute arbitrary code.

Vulnerability

This vulnerability (CWE-98) allows an authenticated attacker to perform Local File Inclusion. By manipulating parameters that influence file inclusion, an attacker can read local system files or execute malicious scripts under the context of the web server.

Business impact

An LFI vulnerability can result in the full compromise of the affected web application. With a CVSS score of 7.5, this high-severity flaw threatens the confidentiality and integrity of site data and can facilitate further lateral movement within the hosting environment.

Remediation

Immediate Action: Since no patch is currently available, administrators should deactivate the Dør theme until the vendor provides a secure update.

Proactive Monitoring: Monitor server logs for unusual file access patterns or attempts to include non-standard files within the web root.

Compensating Controls: Utilize a Web Application Firewall (WAF) to inspect and block requests that attempt to traverse directories or include local files via URL parameters.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

The absence of a patch requires immediate defensive measures, such as disabling the theme or implementing robust WAF rules. Security teams should remain vigilant and apply the vendor-provided update as soon as it is released to remediate the underlying code flaw.