CVE-2026-28016

CVE-2026-28016 is a WordPress ThemeREX Luxury Wine vulnerability: Local File Inclusion due to improper filename handling in PHP include/require. Affected: luxury-wine up to version 1.1.14. Public details from Wordfence indicate no patch is available yet (unpatched) and exploitation could be possi...

CVE-2026-28017 WordPress Green Thumb theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Green Thumb greenthumb allows PHP Local File Inclusion.This issue affects Green Thumb: from n/a through = 1.1.12...

CVE-2026-28018 WordPress Global Logistics theme <= 3.20 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.This issue affects Global Logistics: from n/a through = 3.20...

CVE-2026-28016 WordPress Luxury Wine theme <= 1.1.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Luxury Wine luxury-wine allows PHP Local File Inclusion.This issue affects Luxury Wine: from n/a through = 1.1.14...

CVE-2026-28017 WordPress Green Thumb theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Green Thumb greenthumb allows PHP Local File Inclusion.This issue affects Green Thumb: from n/a through = 1.1.12...

CVE-2026-28018 WordPress Global Logistics theme <= 3.20 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.This issue affects Global Logistics: from n/a through = 3.20...

CVE-2026-28014 WordPress Translogic theme <= 1.2.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Translogic translogic allows PHP Local File Inclusion.This issue affects Translogic: from n/a through = 1.2.11...

CVE-2026-28014

CVE-2026-28014 : Affects WordPress theme/translogic by ThemeREX (versions up to and including 1.2.11). The issue is an Improper Control of Filename for Include/Require in a PHP program, enabling PHP Local File Inclusion (LFI). Documented impact is high (CVSS v3.1: 8.1, Network attack, no user int...

CVE-2026-28015

CVE-2026-28015 : WordPress ShiftCV theme (ShiftCV)

CVE-2026-28013

CVE-2026-28013 is a Local File Inclusion vulnerability in the WordPress theme Kratz by ThemeREX, affecting version range from n/a to

CVE-2026-28012

CVE-2026-28012 is a Local File Inclusion vulnerability in WordPress Theme Gridiron (Gridiron) up to version &lt;= 1.0.14. The issue arises from improper control of the filename for include/require in the PHP program, enabling LFI. Public sources in the Connected documents confirm the affected pro...

CVE-2026-28011

CVE-2026-28011 describes a Local File Inclusion in ThemeREX Yottis which allows PHP include/require filename control to be exploited remotely. Affected product: WordPress theme Yottis (versions up to and including 1.0.10). Underlying issue is improper filename handling for include/require in PHP....

CVE-2026-28015 WordPress ShiftCV theme <= 3.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ShiftCV shift-cv allows PHP Local File Inclusion.This issue affects ShiftCV: from n/a through = 3.0.14...

CVE-2026-28013 WordPress Kratz theme <= 1.0.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Kratz: from n/a through = 1.0.12...

CVE-2026-28012

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through = 1.0.14...

CVE-2026-28015 WordPress ShiftCV theme <= 3.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ShiftCV shift-cv allows PHP Local File Inclusion.This issue affects ShiftCV: from n/a through = 3.0.14...

CVE-2026-28013 WordPress Kratz theme <= 1.0.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Kratz: from n/a through = 1.0.12...

CVE-2026-28009

The CVE describes a Local File Inclusion in the WordPress DroneX theme (DroneX &lt;= 1.1.12) due to improper control of filenames for include/require statements. Public sources (Wordfence Intelligence) list DroneX

CVE-2026-28010

CVE-2026-28010: WordPress Scientia theme

CVE-2026-27998

CVE-2026-27998 : Local File Inclusion in ThemeREX Vixus (WordPress) due to improper control of filenames for PHP include/require. Affected: Vixus vixus