Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
DroneX Theme Allows Access to Server Files
CVE-2026-28009
Summary
The DroneX theme allows hackers to access and read files on your server, potentially exposing sensitive information. This could happen if a hacker finds a way to exploit this issue, which affects the theme version installed on your website. To stay safe, update to the latest version of the theme.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects Dr...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects DroneX: from n/a through <= 1.1.12.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026