CVE-2026-28011

CVE-2026-28011 describes a Local File Inclusion in ThemeREX Yottis which allows PHP include/require filename control to be exploited remotely. Affected product: WordPress theme Yottis (versions up to and including 1.0.10). Underlying issue is improper filename handling for include/require in PHP....

WordPress Yottis theme <= 1.0.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Yottis versions = 1.0.10...