Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Quanzo Theme: Unapproved Files Can Be Accessed on Your Site
CVE-2026-27989
Summary
The Quanzo theme for WordPress may allow hackers to access and view any file on your website if an attacker knows the file name. This could lead to sensitive data being exposed. To fix this, update Quanzo to version 1.0.11 or later.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Qu...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quanzo: from n/a through <= 1.0.10.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026