Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
ThemeREX Manoir Allows Attackers to Access Local Files
CVE-2026-28019
Summary
A security weakness in ThemeREX Manoir allows hackers to access your website's internal files, which could lead to sensitive data theft or other malicious activities. This affects versions of Manoir up to 1.11. To fix this, update to a newer version of Manoir or consider replacing it with a more secure theme.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Ma...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through <= 1.11.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026