Home / Vulnerability Intelligence / CVE-2026-28121

CVE-2026-28121 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 5, 2026

AncoraThemes Anderson - File Inclusion

Published: March 5, 2026Updated: March 5, 2026Remote Exploitable

Overview

AncoraThemes Anderson <= 1.4.2 contains a file inclusion vulnerability caused by improper control of filename in include/require statements, letting remote attackers include local files, exploit requires crafted input.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 11.5%(Probability of exploitation in next 30 days)

Impact

Remote attackers can include and execute local files, potentially leading to remote code execution or information disclosure.

Mitigation

Update to the latest version beyond 1.4.2.

References

https://patchstack.com/database/Wordpress/Theme/andersonclinic/vulnerability/wordpress-anderson-theme-1-4-2-local-file-inclusion-vulnerability?_s_id=cve

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 5, 2026

🟠 CVE-2026-28121 - High (8.1) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through <= 1.4.2. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28121/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-28121
Severity: High
CVSS Score: 8.1
Type: file_inclusion
Status: unconfirmed
EPSS: 11.5%
Social Posts: 1

CWE

CWE-98

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

11.5%Probability of exploitation in the next 30 days