CVE-2025-5804

CVE-2025-5804 affects the WordPress plugin Case Theme User (versions before 1.0.4). The issue is an Unauthenticated Local File Inclusion due to Improper Control of Filename for Include/Require Statement in PHP, enabling LFI in Case Theme User prior to 1.0.4. Public references from Patchstack/Word...

PT-2026-31914

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion.This issue affects VideoPro: from n/a through 2.3.8.1...

EUVD-2026-15522

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through = 1.2...

CVE-2026-27078

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through = 1.0.1...

CVE-2026-27081

CVE-2026-27081 concerns the WordPress Rosebud theme (Rosebud) with versions up to and including 1.4, exposing a Local File Inclusion via improper control of include/require filenames in PHP. The vulnerability is documented as LFI in Rosebud

CVE-2026-22512 WordPress Roisin theme <= 1.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Roisin roisin allows PHP Local File Inclusion.This issue affects Roisin: from n/a through = 1.2.1...

CVE-2026-22495 WordPress Greenville theme <= 1.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Greenville greenville allows PHP Local File Inclusion.This issue affects Greenville: from n/a through = 1.3.2...

PT-2026-27819

Name of the Vulnerable Software and Affected Versions AncoraThemes Hypnotherapy versions through 1.2.10 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Loc...

PT-2026-27979

Name of the Vulnerable Software and Affected Versions Mikado-Themes Deston versions n/a through 1.0 Description A flaw exists in the handling of filenames for include/require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Mikado-Themes Deston. This allows for P...

CVE-2026-28033

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Edifice edifice allows PHP Local File Inclusion.This issue affects Edifice: from n/a through = 1.8...

CVE-2026-22395

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Fiorello fiorello allows PHP Local File Inclusion.This issue affects Fiorello: from n/a through = 1.0...

EUVD-2026-9719

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dermatology Clinic dermatology-clinic allows PHP Local File Inclusion.This issue affects Dermatology Clinic: from n/a through = 1.4.3...

EUVD-2026-9681

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through = 1.11...

EUVD-2026-9609

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Theme consultor allows PHP Local File Inclusion.This issue affects Consultor | Consulting, Accounting &...

CVE-2026-28121

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue affects Anderson: from n/a through = 1.4.2...

CVE-2026-28057

CVE-2026-28057 — Local File Inclusion in ThemeREX Mandala (WordPress theme) up to version 2.8. The issue stems from improper filename handling in PHP include/require, enabling PHP Local File Inclusion. Affected product: Mandala (ThemeREX Mandala) on WordPress; impact includes high confidentiality...

CVE-2026-28007

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Coinpress coinpress allows PHP Local File Inclusion.This issue affects Coinpress: from n/a through = 1.0.14...

CVE-2026-27993

CVE-2026-27993 affects the WordPress Theme Aldo by ThemeREX, vulnerable to Local File Inclusion via improper filename handling. Affected product versions: Aldo

CVE-2026-27381

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through = 1.3.15...

CVE-2026-22425

CVE-2026-22425 documents a Local File Inclusion in the WordPress theme Sweet Jane (Elated-Themes)