CVE-2025-68539

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

CVE-2025-68539

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

CVE-2025-68539

CVE-2025-68539 affects the WordPress theme Fana (thembay) up to version 1.1.35, with an Unauthenticated Local File Inclusion due to improper control of include/require filenames. Public sources (NVD/Red Hat/Patchstack/Wordfence) enumerate Fana

CVE-2025-68539 WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

PT-2026-21093

Name of the Vulnerable Software and Affected Versions thembay Fana versions through 1.1.35 Description An issue exists in thembay Fana related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion. This allows for potential unauthorized access or...

WordPress plugin Fana 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fana versions = 1.1.35...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fana versions = 1.1.35...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Software : Fana Type : Theme Vulnerable versions : = 1.1.35 Fixed in : 1.1.36 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68540 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : 1370613da8d7...

CVE-2025-68540

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

EUVD-2025-205187

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

CVE-2025-68540 WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

CVE-2025-68540 WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

WordPress plugin Popup Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin Heateor Social Login WordPress 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Heateor Social Login WordPress plugin <= 1.1.35 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin Heateor Social Login versions = 1.1.35...

PT-2024-15979 · Heateor · Heateor Social Login Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Heateor Social Login WordPress plugin versions up to, and including, 1.1.35 Description: The Heateor Social Login WordPress plugin has an authentication bypass issue due to insufficient verification on the user being returned by the social...

WordPress Magical Addons For Elementor Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Software Magical Addons For Elementor Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34547 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74ccb66566e9 Credits Khalid Yusuf Required...

WordPress plugin WPZOOM Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin WPZOOM Addons for Elementor versions = 1.1.35...