Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-27993

updated 2 weeks, 2 days ago by @LeSuisse Activity log

Created automatic suggestion 2 weeks, 3 days ago
@LeSuisse removed
3 packages
- aldo
- saldo
- banking
2 weeks, 2 days ago
@LeSuisse dismissed 2 weeks, 2 days ago

WordPress Aldo theme <= 1.0.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aldo aldo allows PHP Local File Inclusion.This issue affects Aldo: from n/a through <= 1.0.10.

References

https://patchstack.com/database/Wordpress/Theme/aldo/vulnerability/wordpress-al… vdb-entry

Affected products

aldo

=<<= 1.0.10

Ignored packages (3)

pkgs.aldo

Morse code training program

nixos-unstable 0.7.8
- nixpkgs-unstable 0.7.8
- nixos-unstable-small 0.7.8
nixos-25.11 0.7.8
- nixos-25.11-small 0.7.8
- nixpkgs-25.11-darwin 0.7.8

pkgs.saldo

Banking application for small screens

nixos-unstable 0.8.4
- nixpkgs-unstable 0.8.4
- nixos-unstable-small 0.8.4
nixos-25.11 0.8.2
- nixos-25.11-small 0.8.2
- nixpkgs-25.11-darwin 0.8.2

pkgs.banking