CVE-2026-28094 WordPress RexCoin theme <= 1.2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX RexCoin rexcoin allows PHP Local File Inclusion.This issue affects RexCoin: from n/a through = 1.2.6...

CVE-2026-28094

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX RexCoin rexcoin allows PHP Local File Inclusion.This issue affects RexCoin: from n/a through = 1.2.6...

CVE-2026-28096

CVE-2026-28096 is validated by connected sources as a Local File Inclusion in the ThemeREX WealthCo WordPress theme ( WealthCo ), affecting versions up to 2.18. The issue is described as improper control of the filename used in PHP include/require statements, enabling PHP Local File Inclusion. Th...

CVE-2026-28090

CVE-2026-28090 describes an LFI (Local File Inclusion) in the ThemeREX WordPress theme “Gamezone”. Affected: Gamezone versions

CVE-2026-28089 WordPress Daiquiri theme <= 1.2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects Daiquiri: from n/a through = 1.2.4...

CVE-2026-28087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Filmax filmax allows PHP Local File Inclusion.This issue affects Filmax: from n/a through = 1.1.11...

CVE-2026-28089

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects Daiquiri: from n/a through = 1.2.4...

CVE-2026-28090

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gamezone gamezone allows PHP Local File Inclusion.This issue affects Gamezone: from n/a through = 1.1.11...

CVE-2026-28088 WordPress Aqualots theme <= 1.1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Aqualots aqualots allows PHP Local File Inclusion.This issue affects Aqualots: from n/a through = 1.1.6...

CVE-2026-28091 WordPress Coleo theme <= 1.1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Coleo coleo allows PHP Local File Inclusion.This issue affects Coleo: from n/a through = 1.1.7...

CVE-2026-28088 WordPress Aqualots theme <= 1.1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Aqualots aqualots allows PHP Local File Inclusion.This issue affects Aqualots: from n/a through = 1.1.6...

CVE-2026-28089 WordPress Daiquiri theme <= 1.2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects Daiquiri: from n/a through = 1.2.4...

CVE-2026-28087

CVE-2026-28087 corresponds to an local file inclusion in ThemeREX Filmax (WordPress theme Filmax)

CVE-2026-28085 WordPress Mahogany theme <= 2.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Mahogany mahogany allows PHP Local File Inclusion.This issue affects Mahogany: from n/a through = 2.9...

CVE-2026-28079

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Conquerors conquerors allows PHP Local File Inclusion.This issue affects Conquerors: from n/a through = 1.2.13...

CVE-2026-28081

CVE-2026-28081 is a PHP Local File Inclusion in ThemeREX Windsor (Windsor) versions

CVE-2026-28079 WordPress Conquerors theme <= 1.2.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Conquerors conquerors allows PHP Local File Inclusion.This issue affects Conquerors: from n/a through = 1.2.13...

CVE-2026-28085

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Mahogany mahogany allows PHP Local File Inclusion.This issue affects Mahogany: from n/a through = 2.9...

CVE-2026-28085

CVE-2026-28085 is a Local File Inclusion vulnerability in ThemeREX Mahogany theme (Mahogany) for WordPress, affecting versions n/a through 2.9. Cause: Improper control of the filename used in PHP Include/Require, enabling PHP Local File Inclusion. The initial description and Red Hat/Wordfence ref...

CVE-2026-28077

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Vapester vapester allows PHP Local File Inclusion.This issue affects Vapester: from n/a through = 1.1.10...