Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-26748

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

WordPress Arkhe theme <= 3.11.0 - CSRF to Local File Inclusion vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0.

References

https://patchstack.com/database/wordpress/theme/arkhe/vulnerability/wordpress-a… vdb-entry
https://patchstack.com/database/wordpress/theme/arkhe/vulnerability/wordpress-a… vdb-entry

Affected products

arkhe

=<3.11.0

Matching in nixpkgs

pkgs.typstPackages.arkheion_0_1_0

A simple template reproducing popular arXiv templates

nixos-unstable -
- nixpkgs-unstable 0.1.0

Package maintainers

@cherrypiejam Gongqi Huang

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.typstPackages.arkheion_0_1_0

Package maintainers