CVE-2026-28077 | ThemeREX Vapester Plugin up to 1.1.10 on WordPress filename control

A vulnerability marked as critical has been reported in ThemeREX Vapester Plugin up to 1.1.10 on WordPress. This affects an unknown part. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is tracked as CVE-2026-28077. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More