8767 matches found
CVE-2026-24390 WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through 3.1...
CVE-2026-23975 WordPress Golo theme < 1.7.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through 1.7.5...
CVE-2026-23978 WordPress Gyan Elements plugin <= 2.2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through = 2.2.1...
CVE-2026-23975 WordPress Golo theme < 1.7.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through 1.7.5...
CVE-2026-23975
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through 1.7.5...
CVE-2026-23978
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through = 2.2.1...
CVE-2026-23978
CVE-2026-23978 affects the WordPress plugin Gyan Elements (gyan-elements) up to version 2.2.1. It is a Local File Inclusion via improper control of the filename in include/require statements, exploitable by an authenticated contributor+. CVSS v3.1 base score 7.5 (HIGH); impact on confidentiality,...
CVE-2026-22464 WordPress My auctions allegro plugin <= 3.6.33 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through = 3.6.33...
CVE-2026-22464
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: from n/a through = 3.6.33...
CVE-2026-22464
CVE-2026-22464 applies to the WordPress plugin My Auctions Allegro Free Edition (≤ 3.6.33). The issue is a PHP Local File Inclusion caused by improper control of the filename in Include/Require statements, enabling LFI within the affected plugin. Public references in connected sources confirm aff...
CVE-2026-22402
CVE-2026-22402 describes an improper filename control in the WordPress theme Triply (Triply Tour Booking) that enables PHP Local File Inclusion (LFI) via include/require. Affected: Triply versions from n/a through 2.4.7. Root cause: improper validation of included file paths, allowing an attacker...
CVE-2026-22401
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through = 2.4.2...
CVE-2026-22402
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through = 2.4.7...
CVE-2026-22401 WordPress Freshio theme <= 2.4.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through = 2.4.2...
CVE-2026-22401
CVE-2026-22401 affects the WordPress Freshio theme (versions up to 2.4.2). Described as an Improper Control of Filename for Include/Require Statement in PHP (PHP Local File Inclusion) vulnerability, arising from mismanaging include/require filenames. Public details in the provided documents state...
CVE-2026-22401 WordPress Freshio theme <= 2.4.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through = 2.4.2...
CVE-2025-69314
CVE-2025-69314 describes a PHP Local File Inclusion in the WordPress theme Werkstatt (fuelthemes) exploitable via improper control of the filename used by include/require. Affected: Werkstatt versions before 4.8.3 (i.e.,
CVE-2025-69314 WordPress Werkstatt theme < 4.8.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through 4.8.3...
CVE-2025-69314 WordPress Werkstatt theme < 4.8.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through 4.8.3...
CVE-2025-69100 WordPress North theme <= 5.7.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through = 5.7.5...