CVE-2026-27065 - ThimPress BuilderPress - Local File Inclusion

Overview

ThimPress BuilderPress <= 2.0.1 contains a local file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires crafted input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Attackers can include local files, potentially leading to code execution or information disclosure.

Mitigation

Update to the latest version beyond 2.0.1.

References

https://patchstack.com/database/wordpress/plugin/builderpress/vulnerability/wordpress-builderpress-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve

Social Media Activity(4 posts)

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2026-27065 - Critical (9.8) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27065/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2026-27065 - Critical (9.8) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27065/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2026-27065 - Critical (9.8) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27065/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

TheHackerWire

@thehackerwire

Mar 19, 2026

🔴 CVE-2026-27065 - Critical (9.8) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through 2.0.1. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27065/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

CVE-2026-27065 - Vulnerability Analysis

Overview

Severity & Score

Impact

Mitigation

References

Social Media Activity(4 posts)

Related Resources

Details

CWE

CVSS Metrics

EPSS Score