8788 matches found
CVE-2025-67531
CVE-2025-67531 is a Local File Inclusion in Turitor theme. Affected: Turitor WordPress Theme, versions earlier than 1.5.3. Root cause: improper filename handling for PHP include/require statements enabling local file inclusion. Public references confirm vulnerability and a fix: patched in 1.5.3. ...
CVE-2025-67529
CVE-2025-67529 is a confirmed vulnerability in the WordPress Fashion theme (Fashion2) where an improper filename check in PHP allows Remote File Inclusion, effectively enabling Local File Inclusion. Public details indicate the affected range is Fashion: from n/a through
CVE-2025-67530
CVE-2025-67530 is a WordPress/Besa Theme vulnerability: an authenticated (Contributor+) local file inclusion (LFI) through improper handling of PHP include/require. Public detail: affected software is Besa up to version 2.3.15; the issue was identified as a Local File Inclusion via include/requir...
CVE-2025-67529 WordPress Fashion theme < 5.3.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...
CVE-2025-67531 WordPress Turitor theme < 1.5.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Turitor turitor allows PHP Local File Inclusion.This issue affects Turitor: from n/a through 1.5.3...
CVE-2025-67530 WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through = 2.3.15...
CVE-2025-67528
The CVE CVE-2025-67528 targets the Urna WordPress theme (Urna – All-in-one WooCommerce WordPress Theme). Public details in the connected Wordfence report confirm an authenticated Local File Inclusion (LFI) vulnerability via improper handling of PHP include/require statements in Urna, affecting ve...
CVE-2025-67527
CVE-2025-67527 affects Digiqole WordPress Theme (versions below 2.2.7). It is an authenticated Local File Inclusion via include/require in PHP (Contributor+). Patch: fixed in Digiqole 2.2.7; upgrade to 2.2.7 or later to mitigate.
CVE-2025-67528 WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.12...
CVE-2025-67526 WordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion.This issue affects Sailing: from n/a through 4.4.6...
CVE-2025-67527 WordPress Digiqole theme < 2.2.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue affects Digiqole: from n/a through 2.2.7...
CVE-2025-67524
CVE-2025-67524 covers the WordPress plugin NooTheme Jobmonster Elementor Addon (jobmonster-addon) ≤ 1.1.4. The issue is a PHP Local File Inclusion caused by improper control of the filename used in include/require statements, effectively allowing untrusted input to influence which file is include...
CVE-2025-67522
CVE-2025-67522 refers to a Local File Inclusion flaw in the WordPress Jobmonster theme (Noo JobMonster)
CVE-2025-67525 WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP ekommart ekommart allows PHP Local File Inclusion.This issue affects ekommart: from n/a through 4.3.1...
CVE-2025-67522 WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through = 4.8.2...
CVE-2025-67523 WordPress Exhibz theme <= 3.0.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue affects Exhibz: from n/a through = 3.0.9...
CVE-2025-67522 WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through = 4.8.2...
CVE-2025-67521
CVE-2025-67521 affects the WordPress plugin Select Core (Select-Themes) < 2.6 . The issue is an Improper Control of Filename for Include/Require Statements in PHP, leading to Local File Inclusion (LFI) and enabling a PHP include/require path manipulation that can expose sensitive files. The vu...
CVE-2025-67521 WordPress Select Core plugin < 2.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Select Core select-core allows PHP Local File Inclusion.This issue affects Select Core: from n/a through 2.6...
CVE-2025-67515
CVE-2025-67515 affects Wilmër WordPress Theme (Wilmër) up to v3.4.x; improper control of filenames in PHP includes enables PHP Local File Inclusion (PHP RFI). CVSS 3.1 base score 8.8 (HIGH) with network access, low attack complexity, low privileges required, no user interaction; impact includes c...