CVE-2026-28066 | ThemeREX Legrand Plugin up to 2.17 on WordPress filename control

A vulnerability categorized as critical has been discovered in ThemeREX Legrand Plugin up to 2.17 on WordPress. Affected is an unknown function. Executing a manipulation can lead to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

The identification of this vulnerability is CVE-2026-28066. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More