Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
Dermatology Clinic Theme Allows Attacker to Access Local Files
CVE-2026-28059
Summary
A security issue in the Dermatology Clinic WordPress theme allows attackers to access and read local files on the server. This is a concern for the website's security because it could allow unauthorized access to sensitive information. To fix this issue, update the Dermatology Clinic theme to version 1.4.4 or later.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusi...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through <= 1.4.3.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026