CVE-2026-28065

Name of the Vulnerable Software and Affected Versions ThemeREX Eject versions through 2.17

Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for unauthorized access and potential code execution.

Recommendations Update ThemeREX Eject to a version newer than 2.17.