CVE-2026-28077 WordPress Vapester theme <= 1.1.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Vapester vapester allows PHP Local File Inclusion.This issue affects Vapester: from n/a through = 1.1.10...

CVE-2026-28069 WordPress Le Truffe theme <= 1.1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Le Truffe letruffe allows PHP Local File Inclusion.This issue affects Le Truffe: from n/a through = 1.1.7...

CVE-2026-28066 WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Legrand legrand allows PHP Local File Inclusion.This issue affects Legrand: from n/a through = 2.17...

CVE-2026-28064

CVE-2026-28064 affects the ThemeREX Edge Decor WordPress theme (edge-decor) up to version 2.2. It is a Local File Inclusion caused by improper filename handling in PHP include/require statements. The CVSS 3.1 vector indicates NETWORK attack, HIGH impact on confidentiality, integrity, and availabi...

CVE-2026-28059 WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through = 1.4.3...

CVE-2026-28060

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...

CVE-2026-28062

CVE-2026-28062 affects the WordPress theme ThemeREX Happy Baby (happy-baby) up to version 1.2.12. It is an Unauthenticated Local File Inclusion vulnerability caused by improper control of filename for include/require statements in PHP. Consequences described in sources indicate possible exposure ...

CVE-2026-28054

The CVE-2026-28054 entry concerns ThemeREX Legal Stone WordPress Theme (vulnerable

CVE-2026-28051 WordPress Yacht Rental theme <= 2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion.This issue affects Yacht Rental: from n/a through = 2.6...

CVE-2026-28052 WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter Mason: from n/a through = 1.4.5...

CVE-2026-28052 WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter Mason: from n/a through = 1.4.5...

CVE-2026-28047

CVE-2026-28047 affects the Victo WordPress theme (Victo

CVE-2026-28052

CVE-2026-28052 is a local file inclusion vulnerability in the WordPress theme “Peter Mason” (ThemeREX Peter Mason, petermason) due to improper filename handling in PHP include/require. Affected versions are listed as up to

CVE-2026-28045 WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 | Golf Club Sports & Events: from n/a through = 2.16.0...

CVE-2026-28041 WordPress Grit theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit: from n/a through = 1.0.1...

CVE-2026-28039 WordPress wpDataTables plugin <= 6.5.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through = 6.5.0.1...

CVE-2026-28035

CVE-2026-28035: WordPress Printy theme

CVE-2026-28032 WordPress Tuning theme <= 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tuning tuning allows PHP Local File Inclusion.This issue affects Tuning: from n/a through = 1.3...

CVE-2026-28032 WordPress Tuning theme <= 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tuning tuning allows PHP Local File Inclusion.This issue affects Tuning: from n/a through = 1.3...

CVE-2026-28030 WordPress Bonbon theme <= 1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...