CVE-2026-28086 | ThemeREX Run Gran Plugin up to 2.0 on WordPress filename control

Inserito da Angelo Barbosa | Mar 5, 2026 | CVE

A vulnerability marked as critical has been reported in ThemeREX Run Gran Plugin up to 2.0 on WordPress. Impacted is an unknown function. Performing a manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is identified as CVE-2026-28086. The attack can be initiated remotely. There is not any exploit available.

CVE-2026-28086 | ThemeREX Run Gran Plugin up to 2.0 on WordPress filename control

Post correlati

CVE-2024-51704 | Hanusek imPress Plugin up to 0.1.4 on WordPress cross site scripting

CVE-2024-38176 | Microsoft GroupMe excessive authentication

CVE-2025-1463 | javmah Spreadsheet Integration Plugin up to 3.8.2 on WordPress class-wpgsi-show.php cross-site request forgery

CVE-2023-50272 | HPE Integrated Lights-Out 5/Integrated Lights-Out 6 improper authentication