Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Kratz Theme: Malicious Files Can Be Loaded
CVE-2026-28013
Summary
The Kratz theme has a security issue that can allow hackers to load any file on your website. This can be used to steal sensitive information or disrupt your site. Update Kratz to the latest version (1.0.13 or higher) to fix this issue.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Krat...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Kratz: from n/a through <= 1.0.12.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026