Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
8.1 HIGH
CVE-2026-28057 — WordPress Mandala theme <= 2.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mandala mandala allows PHP Local File Inclusion.This issue affects Ma…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28056 — WordPress MCKinney's Politics theme <= 1.2.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion…

Remote | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28055 — WordPress M.Williamson theme <= 1.2.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX M.Williamson williamson allows PHP Local File Inclusion.This issue af…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-28054 — WordPress Legal Stone theme <= 1.2.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legal Stone legal-stone allows PHP Local File Inclusion.This issue af…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28053 — WordPress Miller theme <= 1.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Miller christine-miller allows PHP Local File Inclusion.This issue af…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28052 — WordPress Peter Mason theme <= 1.4.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue aff…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28051 — WordPress Yacht Rental theme <= 2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion.This issue …

Remote | Injection
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28050 — WordPress Beacon theme <= 2.24 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion.This issue affects Beac…

Remote | Injection
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-28049 — WordPress Police Department theme <= 2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Police Department police-department allows PHP Local File Inclusion.T…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28048 — WordPress FlashMart theme <= 2.0.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech FlashMart flashmart allows PHP Local File Inclusion.This issue affec…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-28047 — WordPress Victo theme <= 1.4.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.1 HIGH
CVE-2026-28046 — WordPress Law Office theme <= 3.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Law Office law-office allows PHP Local File Inclusion.This issue affe…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-28045 — WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerabi…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local File Inc…

Remote | Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.8 CRITICAL
CVE-2026-28043 — WordPress Healer - Doctor, Clinic & Medical WordPress Theme theme <= 1.0.0 - Local File I…

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP L…

Remote | Injection
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
7.1 HIGH
CVE-2026-28042 — WordPress Listify plugin <= 3.2.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through <= 3…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
8.1 HIGH
CVE-2026-28041 — WordPress Grit theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit…

Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
7.5 HIGH
CVE-2026-28039 — WordPress wpDataTables plugin <= 6.5.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This is…

wpdatatables | Remote | Path Traversal
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
6.5 MEDIUM
CVE-2026-28038 — WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.1 - Broken Access Contr…

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate A…

ultimate_addons_for_wpbakery_page_builder | Remote | Authorization
Mar 05, 2026 Apr 01, 2026
Mar 05, 2026
Apr 01, 2026
7.1 HIGH
CVE-2026-28037 — WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through <= 4.9…

eventon-lite | Remote | Cross-Site Scripting
Mar 05, 2026 Mar 06, 2026
Mar 05, 2026
Mar 06, 2026
6.4 MEDIUM
CVE-2026-28036 — WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6.

Remote | Server-Side Request Forgery
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 6268 Results