ApusTheme Homeo allows hackers to access local files on your server

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

ApusTheme Homeo allows hackers to access local files on your server

CVE-2026-39681

Summary

A security issue in ApusTheme Homeo could allow an attacker to access and view files on your server. This is a serious issue because it could allow hackers to steal sensitive information or disrupt your website's functionality. We recommend updating to a newer version of ApusTheme Homeo (1.2.60 or later) to fix this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Hom...

Original description

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/homeo/vulnerability/wordpress-ho...

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026