CVE-2026-28088 | ThemeREX Aqualots Plugin up to 1.1.6 on WordPress filename control

Inserito da Angelo Barbosa | Mar 5, 2026 | CVE

A vulnerability classified as critical has been found in ThemeREX Aqualots Plugin up to 1.1.6 on WordPress. The impacted element is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is listed as CVE-2026-28088. The attack may be initiated remotely. There is no available exploit.

CVE-2026-28088 | ThemeREX Aqualots Plugin up to 1.1.6 on WordPress filename control

Post correlati

CVE-2024-8908 | Google Chrome up to 128.0.6613.137 Autofill Remote Code Execution

CVE-2023-52491 | Linux Kernel up to 5.10.209/5.15.148/6.1.75/6.6.14/6.7.2 mtk-jpeg mtk_jpeg_dec_device_run use after free

CVE-2025-52765 | lisensee NetInsight Analytics Implementation Plugin up to 1.0.3 on WordPress cross-site request forgery

CVE-2024-47547 | Ruijie Reyee OS up to 3.1/9.4 Forgotten Password password recovery (icsa-24-338-01)