ThemeREX ConFix allows attackers to access local files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

ThemeREX ConFix allows attackers to access local files

CVE-2026-27990

Summary

A security issue in ThemeREX ConFix allows attackers to access files on your website's server. This can lead to sensitive information being stolen or malicious code being executed. Update to the latest version of ThemeREX ConFix to fix this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows PHP Local File Inclusion.This issue affects Co...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/confix/vulnerability/wordpress-c...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026