CVE-2025-30635

CVE-2025-30635 affects IDonatePro (WordPress plugin) <= 2.1.9 and is described as an improper control of the filename for include/require statements, enabling PHP Local File Inclusion. Public sources in the connected documents corroborate the vulnerability as a Local File Inclusion issue and n...

CVE-2025-32288 WordPress RT-Theme 18 | Extensions plugin <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.4...

CVE-2025-32288

CVE-2025-32288 – RT-Theme 18 Extensions (WordPress) Affects WordPress plugin: RT-Theme 18 Extensions, versions through 2.4. Description: Improper control of filenames for Include/Require statements in PHP (PHP Remote File Inclusion) leading to Local File Inclusion (LFI). The root cause is imprope...

CVE-2025-48293

CVE-2025-48293 affects WordPress Geo Mashup plugin (

CVE-2025-48332 WordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: from n/a through = 3.3.1...

CVE-2025-48293 WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion.This issue affects Geo Mashup: from n/a through = 1.13.16...

CVE-2025-48293 WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. This issue affects Geo Mashup: from n/a through 1.13.16...

CVE-2025-49036 WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This issue affects Premium Addons for KingComposer: from n/a...

CVE-2025-49036

CVE-2025-49036 is a Local File Inclusion vulnerability in WordPress Premium Addons for KingComposer (versions up to 1.1.1). The issue arises from improper control of filename handling for include/require statements in PHP, enabling an attacker to potentially include local files. No exploit vector...

CVE-2025-49264 WordPress Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO - Single Sign On...

CVE-2025-49271 WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...

CVE-2025-49271 WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...

CVE-2025-49271

CVE-2025-49271 describes an issue in GravityWP – Merge Tags where improper handling of filenames in PHP Include/Require statements enables PHP Local File Inclusion. Affected versions are GravityWP – Merge Tags up to and including 1.4.4. The weakness could allow an attacker to access local files v...

CVE-2025-52716 WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion.This issue affects WP REST Cache: from n/a through = 2025.1.0...

CVE-2025-52716

CVE-2025-52716 concerns the WordPress plugin WP REST Cache prior to or up to version 2025.1.0. The vulnerability is an improper control of filenames for include/require statements, enabling local file inclusion (LFI) via the PHP runtime. Affected products are WP REST Cache (WordPress plugin); no ...

CVE-2025-52716 WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP REST Cache: from n/a through 2025.1.0...

CVE-2025-52728

CVE-2025-52728 is a PHP Local File Inclusion vulnerability in the WordPress plugin “Responsive Posts Carousel Pro” (affected: versions up to 15.0), caused by improper control of filenames used in include/require statements. The issue enables inclusion of local files via crafted input. Connected s...

CVE-2025-52728 WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a through = 15...

CVE-2025-52728 WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local File Inclusion. This issue affects Responsive Posts Carousel WordPress Plugin: from n/a through 15.0...

CVE-2025-52732 WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 GMap Targeting gmap-targeting allows PHP Local File Inclusion.This issue affects GMap Targeting: from n/a through = 1.1.6...