ThemeREX Artrium Allows Malicious File Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

ThemeREX Artrium Allows Malicious File Access

CVE-2026-28097

Summary

The ThemeREX Artrium theme for WordPress has a security flaw that allows an attacker to access and potentially read sensitive files on the server. This could lead to unauthorized access to sensitive information. Update to version 1.0.15 or later to fix this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Artrium artrium allows PHP Local File Inclusion.This issue affects ...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/artrium/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026