CVE-2026-28087 | ThemeREX Filmax Plugin up to 1.1.11 on WordPress filename control

Inserito da Angelo Barbosa | Mar 5, 2026 | CVE

A vulnerability described as critical has been identified in ThemeREX Filmax Plugin up to 1.1.11 on WordPress. The affected element is an unknown function. Executing a manipulation can lead to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is tracked as CVE-2026-28087. The attack can be launched remotely. No exploit exists.

CVE-2026-28087 | ThemeREX Filmax Plugin up to 1.1.11 on WordPress filename control

Post correlati

CVE-2024-6602 | Mozilla Firefox up to 127.x memory corruption

CVE-2024-27860 | Apple macOS up to 14.7 memory corruption

CVE-2025-14568 | haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0 model/User.php employee_id/id/admin sql injection

CVE-2025-25301 | danielgatis rembg up to 2.0.57 Query Parameter /api/remove server-side request forgery (GHSL-2024-161)