8.1
ThemeREX Bassein allows attackers to access local files via malicious URL
CVE-2026-28067
Summary
ThemeREX Bassein, a WordPress theme, has a PHP local file inclusion flaw that can allow attackers to access and view files on your website. If an attacker knows the location of a specific file on your site, they might be able to access it through a malicious URL. Update to version 1.0.16 or later to prevent unauthorized access to your files.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bassein bassein allows PHP Local File Inclusion. This issue affects ...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bassein bassein allows PHP Local File Inclusion. This issue affects Bassein: from n/a through <= 1.0.15.
NVD CVSS 3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026