8791 matches found
CVE-2025-49935
CVE-2025-49935 affects WordPress WoodMart theme versions before 8.3.2 and is a Local File Inclusion (LFI) flaw caused by improper control of the filename in include/require statements (PHP Remote File Inclusion context). The issue could allow an attacker to include local files via crafted request...
CVE-2025-49921
CVE-2025-49921 describes a Local File Inclusion (LFI) in the WordPress JetReviews plugin ≤ 3.0.0 due to improper control of the filename in include/require statements, enabling potential local file exposure. The issue affects JetReviews versions up to 3.0.0. Remediation recommended: update JetRe...
CVE-2025-49921 WordPress JetReviews plugin <= 3.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion. This issue affects JetReviews: from n/a through <= 3.0.0...
CVE-2025-48338
The CVE notes a PHP Local File Inclusion in the WordPress plugin WP Abstracts wp-abstracts-manuscripts-manager (affected:
CVE-2025-48338 WordPress WP Abstracts plugin <= 2.7.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion. This issue affects WP Abstracts: from n/a through <= 2.7.4...
CVE-2025-32657 WordPress Testimonial Slider and Showcase Pro plugin <= 2.1.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion. This issue affects Testimonial Slider And Showcase Pro: from n/a...
CVE-2025-32657
CVE-2025-32657 describes a Local File Inclusion vulnerability in the WordPress plugin “RadiusTheme Testimonial Slider And Showcase Pro” (versions
CVE-2022-50581
The CVE-2022-50581 entry concerns the Linux kernel vulnerability in the HFS filesystem code. A faulty length value in hfs_write_inode() can lead to an OOB read during hfs_brec_find() via hfs_strcmp(), caused by len exceeding HFS_NAMELEN. The root cause is insufficient length validation before inv...
WordPress plugin Billey security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Billey plugin, which stems from improper control over the filename of include or require statements, and can be exploited ...
WordPress plugin designervily Xcare xcare security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin EduMall security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-43275
Name of the Vulnerable Software and Affected Versions: ThemeMove SmilePure versions prior to 1.8.5. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...
WordPress plugin designervily karzo security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin WP Abstracts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin WoodMart security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
WordPress plugin Medizin security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
OpenText Flipper security vulnerability
OpenText Flipper is a vendor self-submission invoice portal extension package from OpenText Canada. A security vulnerability exists in OpenText Flipper version 3.1.2 that originates from an externally controlled filename or path and could lead to a path traversal attack...
CVE-2025-36730
A prompt injection vulnerability exists in Windsurf version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...
CVE-2025-36730 Windsurf Prompt Injection via Filename
A prompt injection vulnerability exists in Windsurf version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...
EUVD-2025-34255
A prompt injection vulnerability exists in Windsurf version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions...