18 matches found
CVE-2026-22499
CVE-2026-22499 concerns the WordPress Lella theme. Affected software: Lella versions n/a through 1.2. Root cause: Improper control of filenames used by Include/Require in PHP, enabling Local File Inclusion. Impact per sources: potential PHP Local File Inclusion with high severity (CVSS 3.1 base 8...
CVE-2026-22503
CVE-2026-22503 relates to the WordPress Theme Nelson by ThemeREX, where an improper filename validation in PHP include/require statements leads to a PHP Local File Inclusion (LFI) vulnerability. Affected product: Nelson versions from unspecified until <= 1.2.0. The NVD/Red Hat/patch sources de...
EUVD-2026-9615
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFit - Fitness and Gym WordPress Theme: from n/a through = 1.9...
EUVD-2026-9597
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through = 1.6.11...
CVE-2026-28094 WordPress RexCoin theme <= 1.2.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX RexCoin rexcoin allows PHP Local File Inclusion.This issue affects RexCoin: from n/a through = 1.2.6...
PT-2026-23310
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX MoneyFlow moneyflow allows PHP Local File Inclusion.This issue affects MoneyFlow: from n/a through = 1.0...
CVE-2025-69408
CVE-2025-69408 is a documented Local File Inclusion (LFI) vulnerability in the WordPress plugin/theme stack: HealthFirst by Mikado-Themes, version
CVE-2025-69040
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through = 1.2.1...
PT-2026-3977
Name of the Vulnerable Software and Affected Versions ovatheme Athens versions through 1.1.6 Description A flaw exists in ovatheme Athens related to improper control of filename for include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local...
PT-2026-1786
Name of the Vulnerable Software and Affected Versions ThemeMove Mitech versions prior to 2.3.5 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
EUVD-2025-204238
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion.This issue affects Jack Well: from n/a through = 1.0.14...
CVE-2025-60190
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hinnerk Altenburg Immocaster WordPress Plugin immocaster allows PHP Local File Inclusion.This issue affects Immocaster WordPress Plugin: from n/a through = 1.3.6...
CVE-2025-59550
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in designervily Xcare xcare allows PHP Local File Inclusion.This issue affects Xcare: from n/a through 6.5...
PT-2025-43280
Name of the Vulnerable Software and Affected Versions ThemeMove Businext versions prior to 2.4.4 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
EUVD-2025-24705
Malicious code in bioql PyPI...
PT-2025-33987 · Unknown · Nk Ghost Kit
Name of the Vulnerable Software and Affected Versions: nK Ghost Kit versions through 3.4.1 Description: This issue involves improper control of filename handling for Include/Require statements in PHP programs, specifically a PHP Remote File Inclusion vulnerability that allows for PHP Local File...
CVE-2025-48136
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12...
CVE-2024-49701
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Theme Horse Mags.This issue affects Mags: from n/a through 1.1.6...