CVE-2026-28058
Local File Inclusion in ThemeREX Dixon
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themerex | dixon | to 1.4.2.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28058 is a Local File Inclusion (LFI) vulnerability in the WordPress Dixon Theme versions up to and including 1.4.2.1.
This vulnerability allows an unauthenticated attacker to include and display local files from the target website.
By exploiting this flaw, attackers can potentially access sensitive information such as database credentials.
The vulnerability is classified under OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "Exploitation of this vulnerability could lead to a complete database takeover depending on the website's configuration."}, {'type': 'paragraph', 'content': 'Attackers can gain unauthorized access to sensitive files and data, which may compromise the security and integrity of the affected website.'}, {'type': 'paragraph', 'content': 'Since the vulnerability allows unauthenticated access, it poses a high risk to website owners and users.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'CVE-2026-28058 is a Local File Inclusion (LFI) vulnerability affecting the WordPress Dixon Theme up to version 1.4.2.1. Detection typically involves monitoring for attempts to exploit the LFI by including local files via crafted HTTP requests.'}, {'type': 'paragraph', 'content': 'You can detect potential exploitation attempts by inspecting web server logs for suspicious requests containing file inclusion patterns such as "?page=", "?file=", or other parameters that might be used to include local files.'}, {'type': 'paragraph', 'content': 'Example commands to search for suspicious requests in Apache or Nginx logs:'}, {'type': 'list_item', 'content': 'grep -iE "(\\?page=|\\?file=|\\?include=)" /var/log/apache2/access.log'}, {'type': 'list_item', 'content': 'grep -iE "(\\?page=|\\?file=|\\?include=)" /var/log/nginx/access.log'}, {'type': 'paragraph', 'content': 'Additionally, monitoring for unexpected file reads or errors related to file inclusion in application logs can help detect exploitation attempts.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for the affected Dixon Theme versions, immediate mitigation is critical.
Patchstack has issued a mitigation rule to block attacks targeting this vulnerability. Applying such a mitigation rule or a Web Application Firewall (WAF) rule to block suspicious requests attempting local file inclusion is strongly advised.
Other immediate steps include:
- Restrict file inclusion functions in PHP configuration if possible.
- Limit permissions on files and directories to prevent unauthorized access.
- Monitor and block suspicious HTTP requests that attempt to exploit the vulnerability.
- Consider temporarily disabling or replacing the vulnerable theme until an official patch is released.