Total
493 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-60197 | 2 Owenr88, Wordpress | 2 Simple Contact Forms, Wordpress | 2025-11-06 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through <= 1.6.4. | ||||
| CVE-2025-58994 | 2 Designervily, Wordpress | 2 Greenify, Wordpress | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Greenify greenify allows PHP Local File Inclusion.This issue affects Greenify: from n/a through <= 2.2. | ||||
| CVE-2025-39466 | 2 Mikado-themes, Wordpress | 2 Dor, Wordpress | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | ||||
| CVE-2025-62055 | 2 Elated-themes, Wordpress | 2 Academist, Wordpress | 2025-11-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Academist academist.This issue affects Academist: from n/a through < 1.3. | ||||
| CVE-2025-60202 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through <= 2.3.6. | ||||
| CVE-2025-64287 | 2 Edge-themes, Wordpress | 2 Alloggio Hotel Booking, Wordpress | 2025-11-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Alloggio - Hotel Booking alloggio allows PHP Local File Inclusion.This issue affects Alloggio - Hotel Booking: from n/a through <= 1.8. | ||||
| CVE-2025-53252 | 2 Wordpress, Zozothemes | 2 Wordpress, Zegen | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Zegen zegen allows PHP Local File Inclusion.This issue affects Zegen: from n/a through <= 1.1.9. | ||||
| CVE-2025-48290 | 2 Bslthemes, Wordpress | 2 Kinsley, Wordpress | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4. | ||||
| CVE-2025-62067 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Savory savory.This issue affects Savory: from n/a through <= 2.5. | ||||
| CVE-2025-60196 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Clearblue Clearblue® Ovulation Calculator clearblue-ovulation-calculator allows PHP Local File Inclusion.This issue affects Clearblue® Ovulation Calculator: from n/a through <= 1.2.4. | ||||
| CVE-2025-62066 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 7.4 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Revolution revolution.This issue affects Revolution: from n/a through < 2.5.8. | ||||
| CVE-2025-60192 | 2 Premmerce, Wordpress | 2 Wholesale Pricing For Woocommerce, Wordpress | 2025-11-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10. | ||||
| CVE-2025-62075 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 7.3 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6. | ||||
| CVE-2025-39463 | 1 Wordpress | 1 Wordpress | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9. | ||||
| CVE-2025-60203 | 1 Wordpress | 1 Wordpress | 2025-11-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion.This issue affects Store Exporter: from n/a through <= 2.7.6. | ||||
| CVE-2025-60193 | 2 Premmerce, Wordpress | 2 User Roles, Wordpress | 2025-11-06 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through <= 1.0.13. | ||||
| CVE-2025-39468 | 1 Wordpress | 1 Wordpress | 2025-11-06 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pantherius Modal Survey modal-survey.This issue affects Modal Survey: from n/a through <= 2.0.2.0.1. | ||||
| CVE-2025-12497 | 2 Averta, Wordpress | 3 Phlox, Premium Portfolio Features For Phlox Theme, Wordpress | 2025-11-06 | 8.1 High |
| The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2024-14002 | 1 Nagios | 2 Nagios Xi, Xi | 2025-11-06 | 5.5 Medium |
| Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host. | ||||
| CVE-2024-31459 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-11-04 | 8.1 High |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue. | ||||