CVE-2026-28049

CVE-2026-28049 is a Local File Inclusion vulnerability in ThemeREX Police Department police-department WordPress theme (≤2.17). Improper control of the Include/Require filename enables reading local files. CVSS 3.1 base score 8.1 (High); attack vector NETWORK, no user interaction. Affected produc...

CVE-2026-28051

CVE-2026-28051 is a Local File Inclusion vulnerability in ThemeREX Yacht Rental (yacht-rental) WordPress theme. Public description confirms Improper Control of Filename for Include/Require in PHP, enabling PHP Local File Inclusion for Yacht Rental versions up to 2.6. Connected Red Hat/Wordfence/W...

CVE-2026-28052 WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter Mason: from n/a through = 1.4.5...

CVE-2026-28048 WordPress FlashMart theme <= 2.0.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech FlashMart flashmart allows PHP Local File Inclusion.This issue affects FlashMart: from n/a through = 2.0.15...

CVE-2026-28049 WordPress Police Department theme <= 2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Police Department police-department allows PHP Local File Inclusion.This issue affects Police Department: from n/a through = 2.17...

CVE-2026-28047 WordPress Victo theme <= 1.4.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

CVE-2026-28052 WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter Mason: from n/a through = 1.4.5...

CVE-2026-28049 WordPress Police Department theme <= 2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Police Department police-department allows PHP Local File Inclusion.This issue affects Police Department: from n/a through = 2.17...

CVE-2026-28048 WordPress FlashMart theme <= 2.0.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech FlashMart flashmart allows PHP Local File Inclusion.This issue affects FlashMart: from n/a through = 2.0.15...

CVE-2026-28047 WordPress Victo theme <= 1.4.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

CVE-2026-28043

CVE-2026-28043 : WordPress vulnerability in ThemeREX Healer (Doctor, Clinic & Medical WordPress Theme)

CVE-2026-28046

CVE-2026-28046 is a Local File Inclusion vulnerability in the WordPress WordPress Law Office theme (ThemeREX Law Office) affecting versions up to 3.3.0. The issue stems from improper control of filenames in PHP include/require, enabling potential local file access via a network-exposed vector. Th...

CVE-2026-28045 WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 | Golf Club Sports & Events: from n/a through = 2.16.0...

CVE-2026-28045 WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 | Golf Club Sports & Events: from n/a through = 2.16.0...

CVE-2026-28043 WordPress Healer - Doctor, Clinic & Medical WordPress Theme theme <= 1.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical WordPress Theme: from n/a...

CVE-2026-28039

CVE-2026-28039 is a Local File Inclusion vulnerability in the WordPress plugin wpDataTables (Premium) &lt;= 6.5.0.1. The issue arises from improper control of filenames in PHP include/require statements, enabling LFI. The vulnerability is exploitable remotely (attack vector: NETWORK) with no user...

CVE-2026-28041 WordPress Grit theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit: from n/a through = 1.0.1...

CVE-2026-28039 WordPress wpDataTables plugin <= 6.5.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through = 6.5.0.1...

CVE-2026-28039 WordPress wpDataTables plugin <= 6.5.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through = 6.5.0.1...

CVE-2026-28041 WordPress Grit theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit: from n/a through = 1.0.1...