High severity7.5NVD Advisory· Published Feb 19, 2026· Updated Apr 15, 2026
CVE-2026-27052
CVE-2026-27052
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a through < 1.1.9.
Affected products
1- Range: < 1.1.9
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.