CVE-2026-28039

NONE EPSS 0.12%

Mar 05, 2026

Updated Mar 05, 2026

PHP

Parameter	Value
Type	CWE-98
Vendor	PHP
Public PoC	No

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through <= 6.5.0.1.

Weakness Type (CWE)

CWE-98

References 1

https://patchstack.com/database/Wordpress/Plugin/wpdatatables/vulnerability/wor…

audit@patchstack.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6409

PHP

7.1

CVE-2026-37347

PHP

9.1

CVE-2026-37346

PHP

4.7

CVE-2026-37345

PHP

9.8

CVE-2026-37344

PHP

7.2

CVE Details

CVE ID

CVE-2026-28039

Published Date

Mar 05, 2026

Vendor

PHP

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.12%

Likelihood of exploitation in next 30 days

Percentile: 31.1th percentile (higher than 31.1% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

View Advisory

Menu

CVE-2026-28039

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-6409

CVE-2026-37347

CVE-2026-37346

CVE-2026-37345

CVE-2026-37344

CVE Details

Editor's Choice

Menu

CVE-2026-28039

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-6409

CVE-2026-37347

CVE-2026-37346

CVE-2026-37345

CVE-2026-37344

CVE Details

Editor's Choice

Stay informed on cybersecurity