A vulnerability, which was classified as critical, has been found in AncoraThemes Impacto Patronus Plugin up to 1.2.3 on WordPress. The impacted element is an unknown function. Performing a manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).
This vulnerability is known as CVE-2026-22375. Remote exploitation of the attack is possible. No exploit is available.
