ThemeREX Cobble allows attackers to access sensitive local files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

ThemeREX Cobble allows attackers to access sensitive local files

CVE-2025-69399

Summary

A vulnerability in ThemeREX Cobble allows attackers to access and potentially read sensitive local files on your website. This could lead to unauthorized access to sensitive information. Update to version 1.8 or later to fix the issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Cobble cobble allows PHP Local File Inclusion.This issue affects Co...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/cobble/vulnerability/wordpress-c...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026