CVE-2026-22370 WordPress Marveland theme <= 1.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through = 1.3.0...

CVE-2025-69402 WordPress R&F theme <= 1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX R&F rf allows PHP Local File Inclusion.This issue affects R&F: from n/a through = 1.5...

CVE-2025-69374 WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through =...

PT-2026-21053

Name of the Vulnerable Software and Affected Versions thembay Hara versions through 1.2.17 Description An improper control of filename for include/require statement exists in the thembay Hara software, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files withi...

CVE-2025-69004

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...

CVE-2025-49994

CVE-2025-49994 affects the WordPress Athens theme (ovatheme Athens) prior to or equal to version 1.1.6, enabling unauthenticated Local File Inclusion via improper control of filename in Include/Require statements (PHP Remote File Inclusion). Publicly documented in NVD/Red Hat/ENISA and reflected ...

PT-2026-4078

Name of the Vulnerable Software and Affected Versions ThemeGoods Photography versions prior to 7.7.5 Description The software contains a flaw due to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusio...

CVE-2025-67920 WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through 1.2...

CVE-2025-12550

CVE-2025-12550 refers to an unauthenticated Local File Inclusion in the OchaHouse WordPress theme by jwsthemes. The root cause is Improper Control of Filename for Include/Require statements in PHP, enabling LFI. Affected software is OchaHouse (WordPress Theme) versioned at or before 2.2.8 (inclus...

PT-2025-53873

Name of the Vulnerable Software and Affected Versions thembay Greenmart versions through 4.2.11 Description A flaw exists in thembay Greenmart that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to PHP Remote File...

CVE-2025-49363

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion.This issue affects Kings & Queens: from n/a through = 1.1.16...

EUVD-2025-204124

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Kicker kicker allows PHP Local File Inclusion.This issue affects Kicker: from n/a through = 2.2.0...

EUVD-2025-204171

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through = 1.17...

EUVD-2025-204212

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes FitLine fitline allows PHP Local File Inclusion.This issue affects FitLine: from n/a through = 1.6...

EUVD-2025-204217

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes EasyEat easyeat allows PHP Local File Inclusion.This issue affects EasyEat: from n/a through = 1.9.0...

CVE-2025-58946

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Vocal vocal allows PHP Local File Inclusion.This issue affects Vocal: from n/a through = 1.12...

CVE-2025-64377

CVE-2025-64377 is a Local File Inclusion vulnerability in the WordPress ListingPro theme for versions prior to 2.9.10, caused by improper filename control in include/require statements in PHP. The issue affects ListingPro: from n/a through

CVE-2025-60043 WordPress Wanderic theme <= 1.0.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wanderic wanderic allows PHP Local File Inclusion.This issue affects Wanderic: from n/a through = 1.0.10...

CVE-2025-58889

Summary: CVE-2025-58889 affects the WordPress Towny theme (versions prior to 1.17). The root cause is improper control of filenames in include/require statements, enabling a PHP Local File Inclusion (LFI) vulnerability. Affected component: Towny plugin/theme code for WordPress. Impact: potential ...

CVE-2025-67529 WordPress Fashion theme < 5.3.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...