CVE-2026-32392

High

Published: 13 March 2026

Published

13 March 2026

Modified

22 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 34.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32392 is a high-severity PHP Remote File Inclusion (CWE-98) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1083 File and Directory Discovery Discovery

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

attack.mitre.org →

T1552.001 Credentials In Files Credential Access

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

attack.mitre.org →

Why these techniques?

LFI in public-facing WordPress theme directly enables exploitation of the app (T1190) and local file reads for data access (T1005), directory/file enumeration (T1083), and credential files such as wp-config.php (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through <= 8.1.

Deeper analysisAI

CVE-2026-32392 is an Improper Control of Filename for Include/Require Statement in PHP Program vulnerability, referred to as PHP Remote File Inclusion but enabling PHP Local File Inclusion (CWE-98), in the Creatives_Planet Greenly WordPress theme. This issue affects Greenly versions from n/a through 8.1. Published on 2026-03-13T19:54:54.733, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), rated as High severity.

Low-privileged authenticated users can exploit this vulnerability remotely over the network, though it requires high attack complexity and no user interaction. Successful exploitation allows attackers to achieve high impacts on confidentiality, integrity, and availability, enabling local file inclusion that could lead to unauthorized access to sensitive files or further compromise of the affected WordPress site.

Patchstack advisories document the vulnerability in the Greenly WordPress theme version 8.1, with details available at https://patchstack.com/database/Wordpress/Theme/greenly/vulnerability/wordpress-greenly-theme-8-1-local-file-inclusion-vulnerability?_s_id=cve.

Details

CWE(s): CWE-98

CVEs Like This One

CVE-2026-28034Shared CWE-98

CVE-2026-22415Shared CWE-98

CVE-2026-32500Shared CWE-98

CVE-2025-26137Shared CWE-98

CVE-2025-59558Shared CWE-98

CVE-2026-28021Shared CWE-98

CVE-2026-28053Shared CWE-98

CVE-2025-69409Shared CWE-98

CVE-2026-28028Shared CWE-98

CVE-2025-58803Shared CWE-98

References

https://patchstack.com/database/Wordpress/Theme/greenly/vulnerability/wordpress-greenly-theme-8-1-local-file-inclusion-vulnerability?_s_id=cve
audit@patchstack.com