CVE-2026-28084 | ThemeREX Bazinga Plugin up to 1.1.9 on WordPress filename control

A vulnerability identified as critical has been detected in ThemeREX Bazinga Plugin up to 1.1.9 on WordPress. This vulnerability affects unknown code. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

The identification of this vulnerability is CVE-2026-28084. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More