{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28059", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-25T12:13:34.840Z", "datePublished": "2026-03-05T05:54:18.281Z", "dateUpdated": "2026-04-28T17:35:50.287Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "dermatology-clinic", "product": "Dermatology Clinic", "vendor": "ThemeREX", "versions": [{"lessThanOrEqual": "1.4.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bonds | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:49.506Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.<p>This issue affects Dermatology Clinic: from n/a through <= 1.4.3.</p>"}], "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through <= 1.4.3."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:15:06.245Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/dermatology-clinic/vulnerability/wordpress-dermatology-clinic-theme-1-4-3-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T20:10:33.791990Z", "id": "CVE-2026-28059", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T17:35:50.287Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28059", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T20:10:33.791990Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T20:09:46.890Z"}}], "cna": {"title": "WordPress Dermatology Clinic theme <= 1.4.3 - Local File Inclusion vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Bonds | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ThemeREX", "product": "Dermatology Clinic", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.4.3"}], "packageName": "dermatology-clinic", "collectionURL": "https://themeforest.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:05:49.506Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Theme/dermatology-clinic/vulnerability/wordpress-dermatology-clinic-theme-1-4-3-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through <= 1.4.3.", "supportingMedia": [{"type": "text/html", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.<p>This issue affects Dermatology Clinic: from n/a through <= 1.4.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:15:06.245Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28059", "state": "PUBLISHED", "dateUpdated": "2026-04-28T17:35:50.287Z", "dateReserved": "2026-02-25T12:13:34.840Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-03-05T05:54:18.281Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through <= 1.4.3."}, {"lang": "es", "value": "Control inadecuado del nombre de fichero para la declaraci\u00f3n Include/Require en el programa PHP ('vulnerabilidad de inclusi\u00f3n remota de ficheros PHP') en ThemeREX Dermatology Clinic dermatology-clinic permite la inclusi\u00f3n local de ficheros PHP. Este problema afecta a Dermatology Clinic: desde n/a hasta &lt;= 1.4.3."}], "id": "CVE-2026-28059", "lastModified": "2026-04-22T21:27:27.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-05T06:16:39.537", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/dermatology-clinic/vulnerability/wordpress-dermatology-clinic-theme-1-4-3-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Dermatology Clinic", "source": "cna", "vendor": "ThemeREX"}, "product": "dermatology_clinic", "vendor": "themerex"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T23:03:53.949747+00:00", "value": {"mitigation_remediation": ["Update the Dermatology Clinic theme to version 1.4.4 or later to remove the vulnerable include logic.", "If an immediate update is not possible, modify the theme\u2019s PHP code to sanitize all file path inputs, ensuring only whitelisted directories are included and rejecting relative or absolute paths.", "Configure the web server or PHP environment to disable local file inclusion by setting the \"allow_url_include\" directive to Off and adjusting \"open_basedir\" to restrict file access to web-root directories."], "summary": {"action": "Apply Patch", "impact": "Local File Inclusion"}, "threat_synthesis": {"affected_systems": "WordPress sites running the ThemeREX Dermatology Clinic theme version 1.4.3 or earlier are affected. The vulnerability exists from the first released version through 1.4.3, and it does not affect later releases such as 1.4.4 or newer.", "description_and_impact": "An improper control of the filename for PHP include/require statements in the ThemeREX Dermatology Clinic theme allows an attacker to exploit a local file inclusion flaw. By manipulating the file path used in the plugin\u2019s code, a remote user can incorporate arbitrary files from the host server into the executed PHP request. This can lead to disclosure of sensitive data such as configuration files, private credentials, or potentially allow code execution if the attacker can write a file that is subsequently included. The weakness corresponds to CWE\u201198: Improper Control of Filename for Include/Require Statements.", "risk_and_exploitability": "The CVSS score of 8.1 categorizes this vulnerability as high severity, indicating significant impact on confidentiality and integrity. The EPSS score of less than 1% suggests that, at present, exploit availability is low, yet the inherent risk remains because the flaw can be triggered via crafted URLs or inputs. The CVE is not listed in the CISA KEV catalog. Exploitation typically requires network access to the WordPress site and the ability to manipulate query parameters or craft requests that reference the vulnerable include path. The impact extends to any user who can access the affected endpoint, potentially allowing disclosure or alteration of system files."}}}}, "created": "2026-03-06T15:10:58.912236+00:00", "updated": "2026-04-15T23:15:17.753556+00:00", "vendors": ["themerex", "themerex$PRODUCT$dermatology_clinic", "wordpress", "wordpress$PRODUCT$wordpress"]}