Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
ThemeREX Legal Stone allows hackers to access local files
CVE-2026-28054
Summary
A security flaw in ThemeREX Legal Stone allows hackers to access files on your server, which could lead to data theft or disruption of your website. To fix this, update to version 1.2.12 or later. If you can't update, consider removing the plugin until a fix is available.
Original title
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legal Stone legal-stone allows PHP Local File Inclusion.This issue ...
Original description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legal Stone legal-stone allows PHP Local File Inclusion.This issue affects Legal Stone: from n/a through <= 1.2.11.
nvd CVSS3.1
8.1
Vulnerability type
CWE-98
Improper Control of Filename for Include
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026