Ozisti Theme: Attackers can access local files via theme settings

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

Ozisti Theme: Attackers can access local files via theme settings

CVE-2026-28093

Summary

A vulnerability in the Ozisti theme allows attackers to access local files by manipulating theme settings. This could potentially allow unauthorized access to sensitive information. Update to the latest version of the theme (1.1.11 or later) to address this issue.

Original title

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Ozisti ozisti allows PHP Local File Inclusion.This issue affects Oz...

Original description

nvd CVSS3.1 8.1

Vulnerability type

CWE-98 Improper Control of Filename for Include

https://patchstack.com/database/Wordpress/Theme/ozisti/vulnerability/wordpress-o...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026