CVE-2026-28094
Local File Inclusion Vulnerability in RexCoin ThemeREX
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themerex | rexcoin | up to and including 1.2.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28094 is a Local File Inclusion (LFI) vulnerability in the WordPress RexCoin Theme versions up to and including 1.2.6. It allows an unauthenticated attacker to include and display local files from the target website by exploiting improper control of filename parameters in PHP include/require statements.
This vulnerability falls under the OWASP Top 10 category A3: Injection, specifically a Local File Inclusion issue, which can be used to access sensitive files on the server.
How can this vulnerability impact me?
Exploitation of this vulnerability can allow attackers to access and display sensitive local files on the server, such as database credentials.

Depending on the website's configuration, this could lead to a complete database takeover, posing a severe security risk.

The vulnerability has a high severity score of 8.1, indicating a highly dangerous risk that is expected to be exploited. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows an unauthenticated attacker to include and display local files from the target website, which can be detected by monitoring for suspicious HTTP requests attempting to exploit Local File Inclusion (LFI) patterns.

Common detection methods include inspecting web server logs for requests containing suspicious parameters that attempt to include local files, such as those containing directory traversal sequences (e.g., ../) or attempts to include sensitive files like /etc/passwd.

While no specific commands are provided in the available resources, typical commands to detect such activity might include using grep on web server logs to find suspicious patterns, for example:

- `grep -i 'include' /var/log/apache2/access.log`
- `grep -E '\.\./|etc/passwd' /var/log/apache2/access.log`

Additionally, deploying automated protection or mitigation rules, such as those provided by Patchstack, can help detect and block exploitation attempts. [1]
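As an added example (not part of this record and not Patchstack's tooling), the log-inspection idea above carried out in Python: parse access-log lines, percent-decode the request target, and flag traversal sequences and sensitive file names, which catches encoded probes that a plain grep for `../` misses. The sample log lines, addresses and query parameter names are constructed; the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Apache combined log format, RFC 5737 addresses);
# the query parameter names are made up, the advisory does not name the real one.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Mar/2026:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Mar/2026:10:00:02 +0000] "GET /?page=../../../../etc/passwd HTTP/1.1" 200 1234 "-" "curl/8.0"
203.0.113.7 - - [05/Mar/2026:10:00:03 +0000] "GET /?tpl=%252e%252e%252fwp-config.php HTTP/1.1" 500 0 "-" "python-requests/2.31"
198.51.100.9 - - [05/Mar/2026:10:00:04 +0000] "GET /wp-content/uploads/report.pdf HTTP/1.1" 200 90000 "-" "Mozilla/5.0"
"""

# client, ident, user, [time], "method target proto", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
# /etc/passwd is the advisory's example; wp-config.php is added here because it
# holds the WordPress database credentials the advisory says are at risk.
SENSITIVE_FILES = ("/etc/passwd", "wp-config.php")


def normalize(target: str) -> str:
    """Percent-decode up to three times so %2e%2e%2f and double-encoded
    %252e%252e%252f both collapse to ../ before matching (plain grep misses them)."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def lfi_indicators(target: str) -> list:
    """Return the LFI indicators found in one request target (empty if none)."""
    norm = normalize(target)
    found = ["traversal"] if TRAVERSAL_RE.search(norm) else []
    found += ["sensitive-file:" + n for n in SENSITIVE_FILES if n in norm]
    return found


def scan_log(text: str) -> list:
    """Parse each access-log line and return dicts for those with LFI indicators."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined log format; skip
        ip, ts, method, target, status = m.groups()
        inds = lfi_indicators(target)
        if inds:
            hits.append({"ip": ip, "time": ts, "target": target,
                         "status": int(status), "indicators": inds})
    return hits
```

Run `scan_log` over a real access log read from disk; a hit with status 200 deserves closer review than one the server rejected.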
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for the RexCoin theme, immediate mitigation should focus on applying available protective measures to block exploitation attempts.
Patchstack has issued a mitigation rule that can be applied to block attacks targeting this Local File Inclusion vulnerability until an official patch is released.
It is recommended to implement automated protection solutions that can safeguard affected websites by detecting and preventing exploitation attempts.
Additionally, monitoring and restricting access to sensitive files and ensuring proper web server configuration can help reduce the risk.