Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
ThemeREX Alliance allows hackers to read local files
CVE-2026-22443
Summary
A security issue in ThemeREX Alliance allows hackers to access sensitive local files on a website. This could lead to confidential data being exposed or malicious code being executed. Update to version 3.1.2 or later to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Alliance alliance allows PHP Local File Inclusion.This issue affect...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Alliance alliance allows PHP Local File Inclusion.This issue affects Alliance: from n/a through <= 3.1.1.
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026