CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8812 matches found

CVE•added 2025/08/28 12:37 p.m.•11 views

CVE-2025-54716

CVE-2025-54716 is a local file inclusion vulnerability in WordPress themes: Ireca (WordPress Theme, versioned up to 1.8.5). The underlying issue is Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion), enabling LFI. Affected product: Ireca

8.1CVSS5.9AI score0.00393EPSS

Exploits0References1

Cvelist•added 2025/08/28 12:37 p.m.•8 views

CVE-2025-54716 WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ireca ireca allows PHP Local File Inclusion.This issue affects Ireca: from n/a through = 1.8.5...

8.1CVSS0.00393EPSS

Exploits0References1

CVE•added 2025/08/28 12:37 p.m.•12 views

CVE-2025-53578

CVE-2025-53578 affects Gavias Kipso WordPress Theme (

8.1CVSS5.9AI score0.00404EPSS

Exploits0References1

Vulnrichment•added 2025/08/28 12:37 p.m.•1 views

CVE-2025-53576 WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ovatheme Events ova-events allows PHP Local File Inclusion.This issue affects Ovatheme Events: from n/a through = 1.2.8...

8.1CVSS5.3AI score0.00404EPSS

Exploits0References1

Vulnrichment•added 2025/08/28 12:37 p.m.•1 views

CVE-2025-53578 WordPress Kipso Theme <= 1.3.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kipso allows PHP Local File Inclusion. This issue affects Kipso: from n/a through 1.3.4...

8.1CVSS7.4AI score0.00404EPSS

Exploits0References1

CVE•added 2025/08/28 12:37 p.m.•15 views

CVE-2025-53576

CVE-2025-53576 affects the WordPress plugin Ovatheme Events (versions up to and including 1.2.8). The vulnerability is described as an Improper Control of Filename for Include/Require Statement , i.e., a PHP Local File Inclusion (LFI) flaw that can be exploited without authentication. Public risk...

8.1CVSS5.9AI score0.00404EPSS

Exploits0References1

CVE•added 2025/08/28 12:37 p.m.•19 views

CVE-2025-53334

CVE-2025-53334 is a Local File Inclusion vulnerability in the WordPress Jannah theme (

8.1CVSS5.9AI score0.00393EPSS

Exploits0References1

Cvelist•added 2025/08/28 12:37 p.m.•10 views

CVE-2025-53334 WordPress Jannah Theme < 7.5.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through 7.5.1...

8.1CVSS0.00393EPSS

Exploits0References1

Cvelist•added 2025/08/28 12:37 p.m.•9 views

CVE-2025-53326 WordPress Gutenify Plugin <= 1.5.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodeYatri Gutenify gutenify allows PHP Local File Inclusion.This issue affects Gutenify: from n/a through = 1.5.4...

7.5CVSS0.00445EPSS

Exploits0References1

CVE•added 2025/08/28 12:37 p.m.•12 views

CVE-2025-53328

CVE-2025-53328 is a Local File Inclusion vulnerability in the WordPress plugin Poll, Survey & Quiz Maker Plugin by Opinion Stage (versions up to 19.11.0). Root cause: improper control of filename for include/require in PHP, enabling LFI. Affected: Poll, Survey & Quiz Maker Plugin by Opinion Stage (

7.5CVSS5.9AI score0.00417EPSS

Exploits1References1

Cvelist•added 2025/08/28 12:37 p.m.•9 views

CVE-2025-53248 WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Magazine eximious-magazine allows PHP Local File Inclusion.This issue affects Magazine: from n/a through = 1.2.2...

8.1CVSS0.00404EPSS

Exploits0References1

Vulnrichment•added 2025/08/28 12:37 p.m.•1 views

CVE-2025-53248 WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability

8.1CVSS5.3AI score0.00404EPSS

Exploits0References1

CVE•added 2025/08/28 12:37 p.m.•11 views

CVE-2025-53216

CVE-2025-53216 affects ThemeUniver Glamer (WordPress theme)

8.1CVSS5.9AI score0.00404EPSS

Exploits0References1

Cvelist•added 2025/08/28 12:37 p.m.•7 views

CVE-2025-49405 WordPress Houzez Theme < 4.1.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4...

4.3CVSS0.00244EPSS

Exploits0References1

Cvelist•added 2025/08/28 5:24 a.m.•7 views

CVE-2024-13807 Xagio SEO <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files

The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract...

7.5CVSS0.00351EPSS

Exploits0References3

Vulnrichment•added 2025/08/28 5:24 a.m.•0 views

CVE-2024-13807 Xagio SEO <= 7.1.0.5 - Unauthenticated Sensitive Information Exposure via Unprotected Back-Up Files

7.5CVSS7AI score0.00351EPSS

Exploits0References3

Positive Technologies•added 2025/08/28 12:0 a.m.•3 views

PT-2025-35070

Name of the Vulnerable Software and Affected Versions: ovatheme Ireca versions through 1.8.5 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion. Recommendations...

8.1CVSS6.4AI score0.00393EPSS

Exploits0References5

CNNVD•added 2025/08/28 12:0 a.m.•3 views

WordPress plugin Houzez 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS6.5AI score0.00244EPSS

Exploits0References2

CNNVD•added 2025/08/28 12:0 a.m.•2 views

WordPress plugin Xagio SEO 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. An information disclosure...

7.5CVSS5.9AI score0.00351EPSS

Exploits0References4

Positive Technologies•added 2025/08/28 12:0 a.m.•5 views

PT-2025-35124

Name of the Vulnerable Software and Affected Versions Linksys RE6250 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.0.013.001 Linksys RE6300 version 1.0.04.001...

8.8CVSS6.5AI score0.08406EPSS

Exploits1References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by