Berger ThemeREX PHP File Inclusion Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Berger ThemeREX PHP File Inclusion Vulnerability

CVE-2025-53335

Summary

An attacker can access sensitive files on the server by tricking Berger's configuration into including malicious files. This could allow them to steal data or compromise the site. Update to version 1.1.2 or later to fix this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Be...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/berger/vulnerability/wordpress-b...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026