CVE-2026-22503

Name of the Vulnerable Software and Affected Versions ThemeREX Nelson versions n/a through 1.2.0

Description A flaw exists in ThemeREX Nelson due to improper control of filename handling for include/require statements in the PHP program, leading to a PHP Local File Inclusion issue. The vulnerability allows for the inclusion of local PHP files.

Recommendations Update ThemeREX Nelson to a version later than 1.2.0.