Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
AncoraThemes Horizon: Malicious File Can Be Included in PHP Code
CVE-2026-22420
Summary
A security issue in AncoraThemes Horizon allows an attacker to include malicious files in PHP code, potentially leading to unauthorized data access or code execution. This affects Horizon versions up to 1.1. Users should update to the latest version to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Horizon horizon allows PHP Local File Inclusion.This issue affe...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Horizon horizon allows PHP Local File Inclusion.This issue affects Horizon: from n/a through <= 1.1.
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026