CVE-2026-28120 WordPress Dr.Patterson theme <= 1.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue affects Dr.Patterson: from n/a through = 1.3.2...

CVE-2026-28120

CVE-2026-28120 is a local file inclusion vulnerability in ThemeREX Dr.Patterson dr-patterson (WordPress theme), caused by improper control of the filename in include/require statements. Affected: Dr.Patterson versions up to and including 1.3.2. The entry lists a high impact (CVSS 3.1: 8.1, HIGH) ...

CVE-2026-28098 WordPress Save Life theme <= 1.2.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through = 1.2.13...

CVE-2026-28098

CVE-2026-28098 is a Local File Inclusion vulnerability in the ThemeREX Save Life WordPress theme (versions up to 1.2.13). The issue arises from improper control of the filename used in PHP include/require statements, allowing an attacker to include local files. Public documentation consistently n...

CVE-2026-28096 WordPress WealthCo theme <= 2.18 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX WealthCo wealthco allows PHP Local File Inclusion.This issue affects WealthCo: from n/a through = 2.18...

CVE-2026-28076 WordPress Guff theme <= 1.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Frenify Guff guff allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Guff: from n/a through = 1.0.1...

CVE-2026-28068 WordPress Rhythmo theme <= 1.3.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Rhythmo rhythmo allows PHP Local File Inclusion.This issue affects Rhythmo: from n/a through = 1.3.4...

CVE-2026-28068

CVE-2026-28068 affects the WordPress Rhythmo theme (Rhythmo) versions

CVE-2026-28074

CVE-2026-28074 describes a Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse (WordPress theme) affecting versions from n/a through

CVE-2026-28065 WordPress Eject theme <= 2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Eject eject allows PHP Local File Inclusion.This issue affects Eject: from n/a through = 2.17...

CVE-2026-28063 WordPress Asia Garden theme <= 1.3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion.This issue affects Asia Garden: from n/a through = 1.3.1...

CVE-2026-28067

CVE-2026-28067 describes an LFI (Local File Inclusion) in the WordPress ThemeREX Bassein (bassein) theme. Affected software: ThemeREX Bassein bassein, version range from n/a up to and including 1.0.15. Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Re...

CVE-2026-28061 WordPress Tiger Claw theme <= 1.1.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tiger Claw tiger-claw allows PHP Local File Inclusion.This issue affects Tiger Claw: from n/a through = 1.1.14...

CVE-2026-28059 WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through = 1.4.3...

CVE-2026-28060 WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...

CVE-2026-28062 WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through = 1.2.12...

CVE-2026-28060 WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX S.King stephanie-king allows PHP Local File Inclusion.This issue affects S.King: from n/a through = 1.5.3...

CVE-2026-28062

CVE-2026-28062 affects the WordPress theme ThemeREX Happy Baby (happy-baby) up to version 1.2.12. It is an Unauthenticated Local File Inclusion vulnerability caused by improper control of filename for include/require statements in PHP. Consequences described in sources indicate possible exposure ...

CVE-2026-28056 WordPress MCKinney's Politics theme <= 1.2.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion.This issue affects MCKinney's Politics: from n/a through = 1.2.8...

CVE-2026-28054 WordPress Legal Stone theme <= 1.2.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Legal Stone legal-stone allows PHP Local File Inclusion.This issue affects Legal Stone: from n/a through = 1.2.11...