CVE-2026-28089 | ThemeREX Daiquiri Plugin up to 1.2.4 on WordPress filename control

Inserito da Angelo Barbosa | Mar 5, 2026 | CVE

A vulnerability classified as critical was found in ThemeREX Daiquiri Plugin up to 1.2.4 on WordPress. This affects an unknown function. The manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is cataloged as CVE-2026-28089. The attack may be launched remotely. There is no exploit available.

CVE-2026-28089 | ThemeREX Daiquiri Plugin up to 1.2.4 on WordPress filename control

Post correlati

CVE-2025-39970 | Linux Kernel up to 6.16.9 i40e action_meta null pointer dereference

CVE-2024-12460 | laurencebahiirwa Years Since Plugin up to 1.4.1 on WordPress Shortcode years-since cross site scripting

CVE-2025-34139 | Sitecore Experience Manager improper authentication (KB1003650)

CVE-2023-43701 | Apache Superset up to 2.1.1 REST API Endpoint cross site scripting