CVE Vulnerabilities - 5 March 2026

ShiftCV ThemeREX ShiftCV File Inclusion Risk

CVE-2026-28015

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ShiftCV shift-cv all...

8.1

ThemeREX Translogic allows attackers to access local files

CVE-2026-28014

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Translogic translogi...

8.1

Kratz Theme: Malicious Files Can Be Loaded

CVE-2026-28013

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kratz kratz allows P...

8.1

Gridiron ThemeREX allows malicious files to be loaded from the local computer

CVE-2026-28012

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gridiron gridiron al...

8.1

Yottis Theme Allows Access to Local Files

CVE-2026-28011

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yottis yottis allows...

8.1

ThemeREX Scientia Scientia Allows Malicious Files to be Opened

CVE-2026-28010

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Scientia scientia al...

8.1

DroneX Theme Allows Access to Server Files

CVE-2026-28009

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX DroneX dronex allows...

8.1

Coinpress Theme: Malicious File Can Be Imported

CVE-2026-28007

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coinpress coinpress ...

8.1

ThemeREX Yungen: Attacker can access local files

CVE-2026-28006

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yungen yungen allows...

8.1

ThemeREX Vixus allows attackers to access sensitive files on your server

CVE-2026-27998

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vixus vixus allows P...

8.1

Maxify ThemeREX allows attackers to read any local PHP file

CVE-2026-27997

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Maxify maxify allows...

8.1

Lingvico Theme: Unintended File Access Through Malicious File Names

CVE-2026-27996

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Lingvico lingvico al...

8.1

ThemeREX Justitia allows hackers to access sensitive files on your server

CVE-2026-27995

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Justitia justitia al...

8.1

Tediss ThemeREX allows attackers to access internal PHP files

CVE-2026-27994

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tediss tediss allows...

8.1

Aldo theme allows hackers to access local files

CVE-2026-27993

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aldo aldo allows PHP...

8.1

Meals & Wheels Theme: Malicious Files Can Be Accessed

CVE-2026-27992

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Meals & Wheels meals...

8.1

Avventure Theme Allows Access to Your Own Files

CVE-2026-27991

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Avventure avventure ...

8.1

ThemeREX ConFix allows attackers to access local files

CVE-2026-27990

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows...

8.1

Quanzo Theme: Unapproved Files Can Be Accessed on Your Site

CVE-2026-27989

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows...

8.1

ThemeREX Equadio allows hackers to access your files

CVE-2026-27988

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Equadio equadio allo...

8.1

ThemeREX The Qlean: Malicious Files Can Be Accessed

CVE-2026-27987

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX The Qlean the-qlean ...

8.1

PHP Files Can Be Tricked into Opening Unauthorized Files in OsTende

CVE-2026-27986

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allo...

8.1

Humanum ThemeREX: Unsecured File Access via Malicious File Name

CVE-2026-27985

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Humanum humanum allo...

8.1

Aora: Malicious Files Can Be Accessed from Local System

CVE-2026-27381

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP ...

8.1

BoldThemes Celeste: Untrusted Data Can Inject Malicious Code

CVE-2026-27369

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= ...

8.1