CVE-2026-22397 | Mikado-Themes Fleur Plugin up to 2.0 on WordPress filename control
A vulnerability classified as critical has been found in Mikado-Themes Fleur Plugin up to 2.0 on WordPress. Affected by this issue is some unknown functionality. Performing a manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion').
This vulnerability is identified as CVE-2026-22397. The attack can be initiated remotely. There is not any exploit available.