PT-2026-21092

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through = 1.3.14...

PT-2026-21099

Name of the Vulnerable Software and Affected Versions WebCodingPlace WooCommerce Coming Soon Product with Countdown versions through 5.0 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusio...

PT-2026-21103

Name of the Vulnerable Software and Affected Versions Themepul TopperPack – Complete Elementor Addons, Theme & CPT Builder versions through 1.2.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusio...

PT-2026-21178

Name of the Vulnerable Software and Affected Versions ThemeREX Tint versions through 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations Upda...

PT-2026-21190

Name of the Vulnerable Software and Affected Versions PJ | Life & Business Coaching versions prior to 3.0.1 Description A flaw exists in PJ | Life & Business Coaching related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows...

PT-2026-21180

Name of the Vulnerable Software and Affected Versions ThemeREX Cobble versions through 1.7 Description A flaw exists in ThemeREX Cobble that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote File Inclusio...

PT-2026-21168

Name of the Vulnerable Software and Affected Versions whatwouldjessedo Simple Retail Menus versions through 4.2.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP...

PT-2026-21208

Name of the Vulnerable Software and Affected Versions axiomthemes Soleng versions through 1.0.5 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...

PT-2026-21211

Name of the Vulnerable Software and Affected Versions axiomthemes Redy versions through 1.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local File Inclusion. The issue is identified as a PHP Remote...

PT-2026-21216

Name of the Vulnerable Software and Affected Versions AncoraThemes Fooddy versions through 1.3.10 Description The software contains an Improper Control of Filename for Include/Require Statement issue, specifically a PHP Local File Inclusion. This allows for the inclusion of local files...

PT-2026-21054

Name of the Vulnerable Software and Affected Versions thembay Besa versions prior to 2.3.16 Description An issue exists in thembay Besa related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion. This allows for the inclusion of local files...

PT-2026-21210

Name of the Vulnerable Software and Affected Versions AncoraThemes Coworking versions through 1.6.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, potentially leading to PHP Local File Inclusion. The issue allows for the...

CVE-2026-27343

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...

CVE-2026-27343

CVE-2026-27343 affects WordPress Airtifact theme versions

CVE-2026-27343 WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...

CVE-2026-27343 WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through = 1.2.91...

CVE-2026-1317

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the filename parameter which is stored in the database during file upload and later used in raw SQL queri...

CVE-2026-27052

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

CVE-2026-25326

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...

CVE-2026-25326

CVE-2026-25326 corresponds to a Local File Inclusion issue in the WordPress plugin CMSMasters Content Composer (cmsmasters-content-composer), affecting versions from n/a through 1.4.5. The vulnerability stems from improper control of filename for include/require statements, enabling LFI in CMSMas...