A vulnerability classified as problematic has been found in Select-Themes WaveRide Plugin up to 1.4 on WordPress. Impacted is an unknown function. This manipulation causes improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability appears as CVE-2026-39553 . The attack may be initiated remotely. There is no available exploit.