CVE-2025-52808
Description
The RealtyElite WordPress theme up to 1.0.0 has a local file inclusion vulnerability enabling attackers to read sensitive files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The RealtyElite WordPress theme up to 1.0.0 has a local file inclusion vulnerability enabling attackers to read sensitive files.
The RealtyElite WordPress theme versions up to and including 1.0.0 contain a PHP Local File Inclusion (LFI) vulnerability due to improper control of filenames in include/require statements [1]. This flaw allows an attacker to include arbitrary local files from the server.
Exploitation requires no authentication and can be carried out by sending crafted HTTP requests to the vulnerable theme. The attack surface is the web server's file system, accessible through the theme's include functionality [1].
Successful exploitation enables an attacker to read sensitive files, such as wp-config.php containing database credentials. This could lead to complete database compromise if the credentials are reused or misconfigured [1].
Patchstack has flagged this vulnerability as highly dangerous and expected to be exploited in mass campaigns. Users are strongly advised to update the theme to a patched version immediately. If unavailable, contacting the hosting provider or a developer for mitigation is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.