CVE-2026-27093 - Vulnerability Analysis

Overview

Ovatheme Tripgo < 1.5.6 contains a file inclusion vulnerability caused by improper control of filename in include/require statements, letting remote attackers include local files, exploit requires crafted request.

Severity & Score

Impact

Remote attackers can include and execute local files, potentially leading to code execution or information disclosure.

Mitigation

Update to version 1.5.6 or later.

References

• https://patchstack.com/database/wordpress/theme/tripgo/vulnerability/wordpress-tripgo-theme-1-5-3-local-file-inclusion-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 19, 2026

🟠 CVE-2026-27093 - High (8.1) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ovatheme Tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a before 1.5.6. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27093/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner