8765 matches found
CVE-2026-28067 WordPress Bassein theme <= 1.0.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bassein bassein allows PHP Local File Inclusion.This issue affects Bassein: from n/a through = 1.0.15...
CVE-2026-28063 WordPress Asia Garden theme <= 1.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion.This issue affects Asia Garden: from n/a through = 1.3.1...
CVE-2026-28058
CVE-2026-28058 describes an Unauthenticated Local File Inclusion in the WordPress theme Dixon (ThemeREX Dixon, “dixon”) for versions up to and including 1.4.2.1. The issue arises from improper control of the filename in PHP include/require statements (PHP Remote File Inclusion) which, in practice...
CVE-2026-28059
CVE-2026-28059 is a Local File Inclusion (LFI) vulnerability in the WordPress theme “Dermatology Clinic” by ThemeREX, affecting versions up to and including 1.4.3. The issue arises from Improper Control of Filename for Include/Require statements in PHP, enabling an attacker to potentially include...
CVE-2026-28061 WordPress Tiger Claw theme <= 1.1.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tiger Claw tiger-claw allows PHP Local File Inclusion.This issue affects Tiger Claw: from n/a through = 1.1.14...
CVE-2026-28062 WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...
CVE-2026-28060 WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...
CVE-2026-28058 WordPress Dixon theme <= 1.4.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: from n/a through = 1.4.2.1...
CVE-2026-28058 WordPress Dixon theme <= 1.4.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: from n/a through = 1.4.2.1...
CVE-2026-28059 WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through = 1.4.3...
CVE-2026-28060 WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...
CVE-2026-28054
The CVE-2026-28054 entry concerns ThemeREX Legal Stone WordPress Theme (vulnerable
CVE-2026-28057
CVE-2026-28057 — Local File Inclusion in ThemeREX Mandala (WordPress theme) up to version 2.8. The issue stems from improper filename handling in PHP include/require, enabling PHP Local File Inclusion. Affected product: Mandala (ThemeREX Mandala) on WordPress; impact includes high confidentiality...
CVE-2026-28055 WordPress M.Williamson theme <= 1.2.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX M.Williamson williamson allows PHP Local File Inclusion.This issue affects M.Williamson: from n/a through = 1.2.11...
CVE-2026-28053 WordPress Miller theme <= 1.3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Miller christine-miller allows PHP Local File Inclusion.This issue affects Miller: from n/a through = 1.3.3...
CVE-2026-28054 WordPress Legal Stone theme <= 1.2.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Legal Stone legal-stone allows PHP Local File Inclusion.This issue affects Legal Stone: from n/a through = 1.2.11...
CVE-2026-28053 WordPress Miller theme <= 1.3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Miller christine-miller allows PHP Local File Inclusion.This issue affects Miller: from n/a through = 1.3.3...
CVE-2026-28048
CVE-2026-28048 affects the WordPress FlashMart theme (versions <= 2.0.15). The issue is an Improper Control of Filename for Include/Require in PHP, enabling Local File Inclusion via PHP include/require statements. Root cause: unvalidated/unrestricted filenames in include paths. Impact is Local...
CVE-2026-28050
CVE-2026-28050 refers to a Local File Inclusion in the ThemeREX Beacon WordPress theme (beacon)
CVE-2026-28052
CVE-2026-28052 is a local file inclusion vulnerability in the WordPress theme “Peter Mason” (ThemeREX Peter Mason, petermason) due to improper filename handling in PHP include/require. Affected versions are listed as up to