93339 matches found
CVE-2026-28091
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Coleo coleo allows PHP Local File Inclusion.This issue affects Coleo: from n/a through = 1.1.7...
CVE-2026-28091 WordPress Coleo theme <= 1.1.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Coleo coleo allows PHP Local File Inclusion.This issue affects Coleo: from n/a through = 1.1.7...
CVE-2026-28090 WordPress Gamezone theme <= 1.1.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gamezone gamezone allows PHP Local File Inclusion.This issue affects Gamezone: from n/a through = 1.1.11...
CVE-2026-28088
CVE-2026-28088 is a Local File Inclusion vulnerability in the WordPress theme ThemeREX Aqualots (versions <= 1.1.6). The issue is caused by improper control of filename for include/require in PHP, enabling LFI. Public sources (NVD/RedHat/CVE listing) describe the affected software as Aqualots
CVE-2026-28084 WordPress Bazinga theme <= 1.1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bazinga bazinga allows PHP Local File Inclusion.This issue affects Bazinga: from n/a through = 1.1.9...
CVE-2026-28084
CVE-2026-28084 is a Local File Inclusion vulnerability in the WordPress theme Bazinga (ThemeREX Bazinga). The issue arises from improper control of the filename used in PHP Include/Require, allowing an attacker to include local files. The vulnerability affects Bazinga versions from unspecified ea...
CVE-2026-28077 WordPress Vapester theme <= 1.1.10 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Vapester vapester allows PHP Local File Inclusion.This issue affects Vapester: from n/a through = 1.1.10...
CVE-2026-28069 WordPress Le Truffe theme <= 1.1.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Le Truffe letruffe allows PHP Local File Inclusion.This issue affects Le Truffe: from n/a through = 1.1.7...
CVE-2026-28064
CVE-2026-28064 affects the ThemeREX Edge Decor WordPress theme (edge-decor) up to version 2.2. It is a Local File Inclusion caused by improper filename handling in PHP include/require statements. The CVSS 3.1 vector indicates NETWORK attack, HIGH impact on confidentiality, integrity, and availabi...
CVE-2026-28066 WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Legrand legrand allows PHP Local File Inclusion.This issue affects Legrand: from n/a through = 2.17...
CVE-2026-28059 WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through = 1.4.3...
CVE-2026-28060
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...
CVE-2026-28062
CVE-2026-28062 affects the WordPress theme ThemeREX Happy Baby (happy-baby) up to version 1.2.12. It is an Unauthenticated Local File Inclusion vulnerability caused by improper control of filename for include/require statements in PHP. Consequences described in sources indicate possible exposure ...
CVE-2026-28054
The CVE-2026-28054 entry concerns ThemeREX Legal Stone WordPress Theme (vulnerable
CVE-2026-28052
CVE-2026-28052 is a local file inclusion vulnerability in the WordPress theme “Peter Mason” (ThemeREX Peter Mason, petermason) due to improper filename handling in PHP include/require. Affected versions are listed as up to
CVE-2026-28051 WordPress Yacht Rental theme <= 2.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion.This issue affects Yacht Rental: from n/a through = 2.6...
CVE-2026-28052 WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter Mason: from n/a through = 1.4.5...
CVE-2026-28047
CVE-2026-28047 affects the Victo WordPress theme (Victo
CVE-2026-28052 WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter Mason: from n/a through = 1.4.5...
CVE-2026-28045 WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inclusion.This issue affects N7 | Golf Club Sports & Events: from n/a through = 2.16.0...