CVE-2026-28007
Local File Inclusion in Coinpress ThemeREX Allows Code Execution
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | coinpress | to 1.0.14 (inc) |
| themerex | coinpress | to 1.0.14 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28007 is a Local File Inclusion (LFI) vulnerability found in the WordPress Coinpress Theme versions up to and including 1.0.14.
This vulnerability allows unauthenticated attackers to include and display local files from the target website.
By exploiting this flaw, attackers can potentially access sensitive information such as database credentials.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "Exploitation of this vulnerability could lead to a complete database takeover depending on the website's configuration."}, {'type': 'paragraph', 'content': 'Since the vulnerability requires no privileges (unauthenticated access), attackers can exploit it without needing to log in.'}, {'type': 'paragraph', 'content': "This can result in exposure of sensitive data and compromise of the website's security."}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability allows unauthenticated attackers to include and display local files from the target website, which may be detected by monitoring for suspicious HTTP requests attempting to exploit Local File Inclusion (LFI) in the WordPress Coinpress Theme versions up to 1.0.14.'}, {'type': 'paragraph', 'content': 'While no specific detection commands are provided, network or system administrators can look for unusual URL parameters or requests that attempt to include local files, such as those containing directory traversal patterns (e.g., "../") or attempts to access sensitive files like /etc/passwd.'}, {'type': 'paragraph', 'content': 'Additionally, applying Patchstackβs mitigation rule can help block attack attempts and may provide logging or alerts for detection purposes.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for this Local File Inclusion vulnerability in the WordPress Coinpress Theme versions up to 1.0.14, the immediate recommended step is to apply Patchstackβs rule-based mitigation.
This mitigation can block attacks targeting this vulnerability and help protect your website from exploitation until an official patch is released.
Users should implement this mitigation promptly to safeguard sensitive data and prevent potential database takeover.