EUVD-2025-204156

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through = 1.3.12...

CVE-2025-58940

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through = 1.3.12...

CVE-2025-58940 WordPress Basil theme <= 1.3.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Basil basil allows PHP Local File Inclusion.This issue affects Basil: from n/a through = 1.3.12...

CVE-2025-58940

CVE-2025-58940 describes a Local File Inclusion vulnerability in the WordPress Basil theme, caused by improper control of the filename for include/require statements in PHP. The affected product is the Basil WordPress theme, version range from unknown/n-a up to and including 1.3.12. The issue is ...

WordPress Basil theme <= 1.3.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Basil versions = 1.3.12...

WordPress Basil theme <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Unknown in WordPress Theme Basil versions = 2.0.4...

WordPress Basil Theme <= 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Basil Type Theme Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-39310 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 604f7a92c550 Credits Unknown Required privilege...

CVE-2024-39310 WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the posttitle parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access...

CVE-2024-39310 WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the posttitle parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access...