Hoverex Theme: Malicious Files Can Be Served from Your Server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Hoverex Theme: Malicious Files Can Be Served from Your Server

CVE-2026-22452

Summary

The Hoverex theme has a security issue that allows attackers to make your server serve any file they want. This means that if an attacker can trick your website into loading a malicious file, they could potentially steal sensitive information or take control of your website. To fix this, update to version 1.5.11 or later of the Hoverex theme.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Hoverex hoverex allows PHP Local File Inclusion.This issue affects ...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/hoverex/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026