ThemeREX Vixus allows attackers to access sensitive files on your server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

ThemeREX Vixus allows attackers to access sensitive files on your server

CVE-2026-27998

Summary

A security issue in ThemeREX Vixus theme for WordPress allows hackers to access files on your website by tricking the system into including malicious files. This could lead to sensitive information being exposed or malicious code being executed. To fix this, update to the latest version of ThemeREX Vixus or remove the vulnerable theme from your website.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vixus vixus allows PHP Local File Inclusion.This issue affects Vixu...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/vixus/vulnerability/wordpress-vi...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026