8987 matches found
CVE-2026-57743
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-22102 Arbitrary file overwrite through certificate update functionality
A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...
CVE-2026-22102
CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...
CVE-2026-57795
CVE-2026-57795 affects the WordPress theme Kitchor (Themelexus) up to version
CVE-2026-57793
CVE-2026-57793 affects the Flow WordPress theme by Elated-Themes. The issue is an improper filename control in Include/Require statements, resulting in a PHP Local File Inclusion (LFI). Affected versions are Flow:
CVE-2026-57803
CVE-2026-57803 describes a PHP Local File Inclusion vulnerability in Struktur Core (struktur-core) for WordPress, arising from improper handling of filenames in Include/Require statements. The issue affects Struktur Core versions from n/a up to and including 2.5.1 and enables a potential remote a...
CVE-2026-57801
Technical details are not publicly available in the provided documents for CVE-2026-57801. Monitor for updates.
CVE-2026-57790
CVE-2026-57790 is linked to the WordPress/ThemeMove Billey billey theme with a Local File Inclusion flaw triggered by improper control of filenames in PHP include/require. Affected: Billey versions up to and including 2.1.8 (no public details on fixed versions are provided in the documents). The ...
CVE-2026-57805
CVE-2026-57805 impact: WordPress theme Tonda (Select-Themes)
CVE-2026-57800
Technical details about CVE-2026-57800 are not provided in the connected documents. The entries mention Local File Inclusion in Overworld theme
CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...
CVE-2026-57788 WordPress Aalto theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Aalto aalto allows PHP Local File Inclusion.This issue affects Aalto: from n/a through = 1.8...
CVE-2026-57790 WordPress Billey theme <= 2.1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...
CVE-2026-57799 WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...
CVE-2026-57793 WordPress Flow theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...
CVE-2026-57796 WordPress Leedo theme <= 3.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through = 3.0.0...
CVE-2026-57798
CVE-2026-57798 affects the WordPress plugin NewsPlus Shortcodes (<= 4.2.0). The issue is described as an Improper Control of Filename for Include/Require Statement in PHP (PHP Remote File Inclusion) vulnerability that allows PHP Local File Inclusion (LFI) . Root cause: improper filename handli...
CVE-2026-57792
CVE-2026-57792 pertains to Mikado-Themes Dør dor (WordPress theme). It describes an Improper Control of Filename for Include/Require Statement in PHP, enabling Local File Inclusion (LFI) and labeled as a PHP Remote File Inclusion vulnerability. The issue affects Dør versions up to and including 2...
CVE-2026-57789
Technical details about CVE-2026-57789 are not publicly available in the provided documents; please monitor for updates.
CVE-2026-57791
CVE-2026-57791 : Affected software is the WordPress Brook theme, <= 2.9.0. The issue is an improper validation/control of filenames in PHP include/require, enabling an PHP Local File Inclusion via a crafted filename. The NVD entry cites a CVSS v3.1 base score of 7.5 (HIGH) with network attack ...