210 matches found
PT-2025-35742
Name of the Vulnerable Software and Affected Versions: BuddyDev MediaPress versions through 1.5.9.1 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue, which allows for PHP Local File Inclusion...
CVE-2025-48160
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects Caliris: from n/a through = 1.5...
CVE-2025-53210
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in bdthemes ZoloBlocks zoloblocks allows PHP Local File Inclusion.This issue affects ZoloBlocks: from n/a through = 2.3.2...
CVE-2025-48149
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through = 1.2.3...
CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...
CVE-2025-54017
CVE-2025-54017 is a PHP Local File Inclusion in the WordPress plugin Paid Member Subscriptions (vulnerable up to 2.15.4). The root cause is improper control of include/require filenames, enabling local file inclusion. The vulnerability is rated high (CVSS 3.1 base 7.5) with network access, high i...
PT-2025-33919 · Caliris +1 · Caliris +1
Name of the Vulnerable Software and Affected Versions: Caliris versions not specified through 1.5 Description: This issue involves an improper control of filename for include/require statements in PHP programs, specifically a PHP Local File Inclusion in CocoBasic Caliris. Recommendations: At the...
Exploit for CVE-2025-8723
⚡️ Cloudflare Image Resizing Description: The plugin'...
Exploit for CVE-2025-49113
CVE-2025-49113-Roundcube-RCE-PHP...
CVE-2025-54700
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through = 1.8.4...
CVE-2025-49271
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - Merge Tags: from n/a through = 1.4.4...
CVE-2025-52716
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Acato WP REST Cache wp-rest-cache allows PHP Local File Inclusion.This issue affects WP REST Cache: from n/a through = 2025.1.0...
CVE-2025-25172
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through = 1.9.4...
CVE-2025-3703 WordPress CSS & JavaScript Toolbox plugin < 12.0.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion.This issue affects CSS & JavaScript Toolbox: from n/a through 12.0.3...
CVE-2025-52732 WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 GMap Targeting gmap-targeting allows PHP Local File Inclusion.This issue affects GMap Targeting: from n/a through = 1.1.6...
CVE-2025-52806 WordPress JobSearch Plugin <= 2.9.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through 2.9.0...
WordPress plugin Responsive Posts Carousel WordPress Plugin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
BIT-LIBPHP-2025-1217 Header parser of http stream wrapper does not handle folded headers
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME...
BIT-LIBPHP-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...
BIT-LIBPHP-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...