CVE-2026-22324

Name of the Vulnerable Software and Affected Versions ThemeREX Melania versions through 2.5.0

Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. The issue affects the software's handling of file inclusion, potentially allowing an attacker to include arbitrary local files.

Recommendations Update ThemeREX Melania to a version later than 2.5.0.