CVE-2026-28062 | ThemeREX Happy Baby Plugin up to 1.2.12 on WordPress filename control

A vulnerability, which was classified as critical, was found in ThemeREX Happy Baby Plugin up to 1.2.12 on WordPress. This issue affects some unknown processing. Executing a manipulation can lead to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability appears as CVE-2026-28062. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More