ThemeREX Windsor allows attackers to read sensitive files on server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

ThemeREX Windsor allows attackers to read sensitive files on server

CVE-2026-28081

Summary

A security issue in ThemeREX Windsor theme allows an attacker to read sensitive files on the server, potentially exposing confidential information. This affects versions of Windsor up to 2.5.0. To fix, update to the latest version of ThemeREX Windsor or remove the vulnerable theme from your site.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects ...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/windsor/vulnerability/wordpress-...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026