CVE-2025-62014 WordPress ITok theme <= 1.1.42 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme ITok itok.This issue affects ITok: from n/a through = 1.1.42...

CVE-2025-62014

The CVE-2025-62014 entry documents a Local File Inclusion vulnerability in the WordPress ITok theme (WordPress plugin) versions up to and including 1.1.42. The issue is described as improper control of the filename for include/require statements in PHP, enabling PHP Remote File Inclusion under th...

CVE-2025-60248

CVE-2025-60248 affects the WordPress plugin WPC Product Options for WooCommerce (WPClever) up to version 1.8.6. The issue is described as an improper control of filename for include/require statements, leading to PHP Local File Inclusion (LFI) via a PHP Remote File Inclusion vector. The CVSS vect...

CVE-2025-62010 WordPress Famita theme <= 1.54 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Famita famita allows PHP Local File Inclusion.This issue affects Famita: from n/a through = 1.54...

CVE-2025-60241

The CVE-2025-60241 entry concerns the WordPress Premmerce plugin (versions up to 1.3.19) with an improper control of the filename in an include/require statement, resulting in a Local File Inclusion (LFI) vulnerability in Premmerce. Multiple connected sources (Red Hat, NVD/NIST, CVE lists, EUVD/E...

CVE-2025-60240 WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through = 0.3.6...

CVE-2025-60240 WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Alexander AnyComment anycomment allows PHP Local File Inclusion.This issue affects AnyComment: from n/a through = 0.3.6...

CVE-2025-60240

CVE-2025-60240 affects the WordPress AnyComment plugin

CVE-2025-60204 WordPress WooCommerce Store Toolkit plugin <= 2.4.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a through = 2.4.3...

CVE-2025-60204

The vulnerability CVE-2025-60204 affects the WordPress plugin “WooCommerce Store Toolkit” (woocommerce-store-toolkit) for versions

CVE-2025-60203 WordPress Store Exporter plugin <= 2.7.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion.This issue affects Store Exporter: from n/a through = 2.7.6...

CVE-2025-60203

The CVE-2025-60203 entry concerns the WordPress Store Exporter plugin (woocommerce-exporter) with a Local File Inclusion flaw caused by improper control of filenames for include/require statements. Affected are Store Exporter versions up to and including 2.7.6. The vulnerability enables PHP Local...

CVE-2025-60202 WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through = 2.3.6...

CVE-2025-60201

CVE-2025-60201 concerns an improper control of filenames for include/require in the WordPress plugin WP Customer Area (customer-area). Affected versions are reported as the plugin being affected up to version 8.2.7, with sources also noting a vulnerability path described as Local File Inclusion (...

CVE-2025-60200 WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through = 4.1.2...

CVE-2025-60199

The CVE-2025-60199 entry is supported by connected documents describing an improper Filename control for Include/Require in PHP leading to a Local File Inclusion in the dedalx InHype WordPress Theme. Affected product: InHype – Blog & Magazine WordPress Theme, version range from unspecified up to ...

CVE-2025-60199 WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

CVE-2025-60198

CVE-2025-60198 affects the WordPress plugin/theme Saxon – Viral Content Blog & Magazine Marketing WordPress Theme (Saxon) up to version 1.9.3. The issue is an improper control of the filename for include/require statements, enabling PHP Local File Inclusion. Affected component: Saxon theme (PHP c...

CVE-2025-60198 WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...

CVE-2025-60197 WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in owenr88 Simple Contact Forms simple-contact-forms allows PHP Local File Inclusion.This issue affects Simple Contact Forms: from n/a through = 1.6.4...