CVE-2026-28096
Local File Inclusion Vulnerability in WealthCo PHP Theme
Publication date: 2026-03-05
Last updated on: 2026-03-05
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected versions |
|---|---|---|
| patchstack | wealthco | up to and including 2.18 |
| themerex | wealthco | up to and including 2.18 |
Exploitability
| CWE ID | Name | Description |
|---|---|---|
| CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-28096 is a Local File Inclusion (LFI) vulnerability in the WordPress WealthCo Theme, versions up to and including 2.18. A request parameter reaches a PHP include/require call without adequate restriction (CWE-98), so an unauthenticated attacker can make the site include local files of their choosing and, depending on the file, read their contents in the response.
By exploiting this flaw, an attacker can potentially access sensitive information stored in local files, such as the database credentials in wp-config.php. Note that include() executes any PHP in the included file rather than printing it, so what can be read versus run depends on the file type and on how the theme assembles the path; the web server's filesystem permissions bound what is reachable.
The vulnerability is categorized under OWASP Top 10 A3: Injection and does not require any authentication to exploit, making it a high-risk issue.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to the exposure of sensitive information like database credentials.
If attackers obtain these credentials, they could potentially take over the entire database depending on the website's configuration.
This could result in data breaches, loss of data integrity, and unauthorized access to confidential information. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The CVE-2026-28096 vulnerability allows an unauthenticated attacker to include and display local files from the target website, which can be detected by monitoring for suspicious HTTP requests attempting to exploit Local File Inclusion (LFI).
Detection can involve checking web server logs for requests containing suspicious parameters that attempt to include local files, such as those with patterns like "?file=", "?include=", or other URL parameters that reference local paths.
While no specific commands are provided in the resources, common detection commands might include using tools like grep to search web server logs for suspicious inclusion attempts, for example:
- grep -iE '\?(file|include|page)=' /var/log/apache2/access.log
- grep -F '../' /var/log/apache2/access.log
- grep -iE '(%2e%2e|\.\.%2f|%2f\.\.|%00|php://)' /var/log/apache2/access.log
The parameter names in the first command are generic guesses; the advisory does not name the parameter the theme uses, so do not rely on them alone. Use -F (fixed strings) for the literal "../" check, because in a regular expression each "." matches any character and "../../" would match far too much. Attackers usually percent-encode traversal sequences, sometimes twice, so also search for encoded forms (%2e%2e%2f, ..%2f, %252e) and for PHP stream wrappers such as php://filter, and decode the request URI before pattern matching where your log tooling allows it.
Additionally, network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to detect and alert on such LFI attack patterns. [1]
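The grep commands above miss anything that is percent-encoded, and a regex over raw log text cannot tell a parameter value from the rest of the line. The following script, added here as an illustration and not part of the advisory or of any Patchstack tooling, parses combined-format access log lines, splits the query string into parameters, percent-decodes each value until it stops changing (so double-encoded traversal such as %252e is caught), and then applies LFI indicators to the decoded value. The log lines are constructed samples, and the parameter names (page, file, template) are assumptions, since the advisory does not name the vulnerable parameter.

```python
"""Flag LFI / path-traversal attempts in web server access logs.

Added example: not from the advisory, Patchstack or the theme. The log lines
are constructed; the query parameter names are assumptions.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in Apache/Nginx combined log format (not a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Mar/2026:10:00:01 +0000] "GET /wp-content/themes/wealthco/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Mar/2026:10:00:02 +0000] "GET /?page=../../../../etc/passwd HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.9 - - [05/Mar/2026:10:00:03 +0000] "GET /?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3072 "-" "python-requests/2.31"
203.0.113.9 - - [05/Mar/2026:10:00:04 +0000] "GET /?file=%2e%2e%252f%2e%2e%252fwp-config.php HTTP/1.1" 200 3072 "-" "python-requests/2.31"
203.0.113.11 - - [05/Mar/2026:10:00:05 +0000] "GET /?template=php://filter/convert.base64-encode/resource=wp-config.php HTTP/1.1" 200 4096 "-" "curl/8.0"
203.0.113.13 - - [05/Mar/2026:10:00:06 +0000] "GET /?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Client IP, timestamp and the request line of a combined-format entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Indicators are matched against the fully decoded parameter value, in this order.
INDICATORS = [
    ("dot-dot traversal", re.compile(r"(\.\./|\.\.\\)")),
    ("php stream wrapper", re.compile(r"^(php|data|expect|phar|zip|file)://", re.I)),
    ("sensitive file name", re.compile(r"(wp-config\.php|/etc/passwd|/proc/self/)", re.I)),
    ("null byte", re.compile(r"\x00")),
]


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so %252e%252e%252f becomes ../."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value: str) -> list:
    """Return the names of every indicator that matches a decoded value."""
    return [name for name, rx in INDICATORS if rx.search(value)]


def find_lfi_attempts(log_text: str) -> list:
    """Return one finding per (log line, parameter) whose decoded value looks like LFI."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        query = urlsplit(m.group("target")).query
        # parse_qsl removes one layer of percent-encoding; decode_fully removes the rest.
        for name, raw in parse_qsl(query, keep_blank_values=True):
            value = decode_fully(raw)
            reasons = classify(value)
            if reasons:
                findings.append(
                    {"ip": m.group("ip"), "ts": m.group("ts"), "param": name,
                     "value": value, "reasons": reasons}
                )
    return findings


if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["param"]}={hit["value"]!r}: {", ".join(hit["reasons"])}')
```

On the constructed sample the script reports four hits (the three traversal requests, including the double-encoded one, and the php://filter request) and ignores both benign lines. To run it against a real server, read the access log file and pass its contents to find_lfi_attempts; the indicator list is deliberately broad, so a hit is a lead to investigate rather than proof of exploitation.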
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is currently available for CVE-2026-28096, immediate mitigation involves implementing the Patchstack mitigation rule that blocks attacks exploiting this Local File Inclusion vulnerability.
Users of the WealthCo Theme are strongly advised to apply Patchstack's automated vulnerability mitigation and continuous security monitoring solutions to protect their WordPress sites from exploitation, and to install the vendor's fixed release as soon as one is published.
Additionally, restrict what the web server process can read (it does not need access to files outside the WordPress root or to other sites on the same host), review and harden web server configurations, and make sure any file inclusion driven by request input is limited to an allowlist of known template names whose canonical path stays inside the intended directory; if the site does not need the affected functionality, disable it until a fix is available.
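The "properly sanitized" advice above is the generic CWE-98 defense: never hand request input to include() as a path fragment; instead map it through an allowlist, canonicalize the result and check that it is still inside the template directory. The example below is added here to show that check next to the vulnerable pattern; it is written in Python for illustration and is not the theme's code or a Patchstack rule. The template directory, the allowlisted template names and the wp-config.php content are all constructed fixtures.

```python
"""Vulnerable versus hardened resolution of a request-controlled include path.

Added example, not code from the WealthCo theme or from Patchstack. The fixture
directory, template names and file contents below are constructed.
"""
import os
import tempfile

# Assumed allowlist of template names the site legitimately serves.
ALLOWED_TEMPLATES = frozenset({"about", "services"})


def include_path_naive(template_dir: str, requested: str) -> str:
    """Vulnerable pattern (CWE-98): the request value becomes part of the include path unchanged.

    '../wp-config.php' escapes the directory, and an absolute path such as
    '/etc/passwd' makes os.path.join discard template_dir entirely.
    """
    return os.path.join(template_dir, requested)


def include_path_safe(template_dir: str, requested: str, allowed=ALLOWED_TEMPLATES):
    """Hardened resolver: allowlist, no null bytes or stream wrappers, canonical containment.

    Returns the canonical path of an existing .php template inside template_dir,
    or None when the request must be rejected.
    """
    if "\x00" in requested or "://" in requested:
        return None  # null-byte truncation and php://, data:// style wrappers
    if requested not in allowed:
        return None  # only names we know about, never raw paths
    base = os.path.realpath(template_dir)
    candidate = os.path.realpath(os.path.join(base, requested + ".php"))
    # realpath resolves '..' and symlinks; commonpath proves the result stayed under base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def build_fixture() -> tuple:
    """Create a throwaway WordPress-like tree and return (site_root, template_dir)."""
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    template_dir = os.path.join(root, "wp-content", "themes", "demo-theme", "templates")
    os.makedirs(template_dir)
    for name in ALLOWED_TEMPLATES:
        with open(os.path.join(template_dir, name + ".php"), "w") as fh:
            fh.write(f"<?php echo '{name} template'; ?>\n")
    # Constructed secret, the kind of file an LFI is used to reach.
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write("<?php define('DB_PASSWORD', 'constructed-secret'); ?>\n")
    return root, template_dir


if __name__ == "__main__":
    root, tdir = build_fixture()
    secret = "../../../../wp-config.php"  # relative to the templates directory
    print("naive :", os.path.isfile(include_path_naive(tdir, secret)))   # True: escapes
    print("safe  :", include_path_safe(tdir, "../../../../wp-config"))   # None: rejected
    print("safe  :", include_path_safe(tdir, "about"))                   # the about.php path
```

The allowlist check alone would already stop traversal, but the canonical-path containment test is kept as a second, independent layer: it also protects against a template name that is later mapped to a symlink or a path built from configuration rather than from the request.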