CVE-2026-28063 | ThemeREX Asia Garden Plugin up to 1.3.1 on WordPress filename control

A vulnerability was found in ThemeREX Asia Garden Plugin up to 1.3.1 on WordPress. It has been rated as critical. This impacts an unknown function. Performing a manipulation results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability was named CVE-2026-28063. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More