ThemeREX Verse allows hackers to access and read files on your server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

ThemeREX Verse allows hackers to access and read files on your server

CVE-2026-28128

Summary

A security issue in ThemeREX Verse theme for WordPress allows hackers to access and read files on your server, potentially exposing sensitive information. This is a serious issue that needs to be addressed immediately. Update to the latest version of ThemeREX Verse (1.7.1 or higher) to fix this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Vers...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/verse/vulnerability/wordpress-ve...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026