CVE-2026-28124 in Notarius Plugininfo

Summary

by MITRE • 03/05/2026

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion. This issue affects Notarius: from n/a through <= 1.9.


Analysis

by VulDB Data Team • 03/07/2026

The vulnerability identified as CVE-2026-28124 represents a critical PHP Remote File Inclusion flaw in the AncoraThemes Notarius theme, specifically impacting versions through 1.9. This vulnerability falls under the broader category of improper control of filename for include/require statements, which is classified as CWE-88 in the Common Weakness Enumeration catalog. The issue stems from the theme's failure to properly validate and sanitize user-supplied input that is used in PHP include or require statements, creating an opportunity for attackers to manipulate the file inclusion process.

This vulnerability is exploited when an attacker can control a parameter that the Notarius theme passes directly to a PHP include or require statement. Because such parameters are typically used to select template files or other PHP components, an attacker who supplies an unvalidated file path or URL can have the PHP interpreter include, and therefore execute, a file of their choosing, resulting in local file inclusion and arbitrary PHP code execution on the server.

For WordPress sites running the affected AncoraThemes Notarius theme, the operational impact is significant: an attacker can execute arbitrary code and from there fully compromise the web server, steal data, or plant backdoors. The flaw also allows reading sensitive files on the server, running malicious scripts, and potentially escalating privileges within the compromised environment. It is especially dangerous because it can be exploited without authentication and chained with other attack vectors to extend the compromise.

The ATT&CK framework categorizes this vulnerability under the T1190 technique for Exploit Public-Facing Application, as it represents an attack against a publicly accessible web application component. The vulnerability's impact is amplified by the widespread use of WordPress and the specific theme affected, making it a prime target for automated exploitation attempts. Organizations using affected versions of the Notarius theme should immediately implement mitigation strategies including input validation, parameter sanitization, and the removal of vulnerable include statements. The most effective immediate fix involves ensuring that all user-supplied input used in include/require statements is properly validated against a whitelist of allowed values, preventing the inclusion of arbitrary files or URLs. Additionally, disabling remote file inclusion capabilities in PHP configuration and implementing proper access controls around theme files can significantly reduce the attack surface and prevent exploitation of this vulnerability.
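The allowlist fix described above, shown on a hypothetical theme template loader. This is an added example, not Notarius code; the function names, the template list and the `templates/` directory are assumptions.

```php
<?php
// Added example: a hypothetical theme template loader, not Notarius code.
// It contrasts the unsafe include pattern the advisory describes with an
// allowlisted replacement in which the request no longer controls the path.

// VULNERABLE: the request value reaches include() unvalidated, so any local
// path the attacker names (or, with allow_url_include enabled, a URL) is
// included and executed by the PHP interpreter.
function load_template_unsafe(string $template_param): void {
    include __DIR__ . '/templates/' . $template_param . '.php';
}

// HARDENED: accept only exact matches against a fixed list of template
// names. Rejecting is safer than trying to strip traversal sequences or
// null bytes out of the value, so no "sanitising" of the string is attempted.
const ALLOWED_TEMPLATES = ['default', 'sidebar-left', 'sidebar-right', 'full-width'];

function resolve_template(string $template_param): ?string {
    // Strict comparison prevents loose-typing surprises (e.g. "0" == "default").
    if (!in_array($template_param, ALLOWED_TEMPLATES, true)) {
        return null;
    }
    return __DIR__ . '/templates/' . $template_param . '.php';
}

function load_template_safe(string $template_param): void {
    $path = resolve_template($template_param);
    if ($path === null) {
        // Unknown value: log it for detection purposes and fall back to a
        // known template rather than echoing the value or including anything.
        error_log('Rejected template parameter: ' . bin2hex($template_param));
        $path = __DIR__ . '/templates/default.php';
    }
    if (is_file($path)) {
        include $path;
    }
}

// Constructed inputs to show which values the allowlist accepts.
foreach (['full-width', '../../wp-config', 'http://example.invalid/x'] as $candidate) {
    $resolved = resolve_template($candidate);
    echo $candidate, ' => ', $resolved === null ? 'rejected' : 'allowed', PHP_EOL;
}
```

Dropping the example into a real theme would replace `__DIR__` with `get_template_directory()`, but the allowlist check itself is unchanged.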

Responsible: Patchstack

Reservation: 02/25/2026

Disclosure: 03/05/2026

Moderation: accepted

CPE: ready

EPSS: 0.00172

KEV: no

Activities: very low
