CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•6 views

CVE-2025-58707

The CVE-2025-58707 issue is a Local File Inclusion vulnerability in the WordPress Spin theme (Spin) versions up to 1.8. It arises from improper handling of filenames for include/require statements in a PHP program, enabling PHP LFI. Affected product: Axiomthemes Spin (WordPress Spin theme

8.1CVSS5.8AI score0.00115EPSS

EUVD•added 2026/04/22 9:31 a.m.•3 views

EUVD-2026-24688

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

6.5CVSS5.8AI score0.00164EPSS

Exploits0References8

GithubExploit•added 2026/04/10 1:46 p.m.•146 views

Exploit for Code Injection in Backupbliss Backup_Migration

🔥 CVE-2023-6553 — WordPress Backup Migration RCE Unauthen...

9.8CVSS7.8AI score0.93531EPSS

Exploits14

Positive Technologies•added 2026/04/10 12:0 a.m.•1 views

PT-2026-31913

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a before 1.0.4...

7.5CVSS5.8AI score0.00026EPSS

Exploits0References2

Vulnrichment•added 2026/04/08 8:30 a.m.•1 views

CVE-2026-39681 WordPress Homeo theme <= 1.2.59 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...

7.5CVSS5.8AI score0.00147EPSS

RedhatCVE•added 2026/03/26 5:1 p.m.•2 views

CVE-2026-22513

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Triompher triompher allows PHP Local File Inclusion.This issue affects Triompher: from n/a through = 1.1.0...

RedhatCVE•added 2026/03/26 5:1 p.m.•1 views

CVE-2026-22516

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...

CVE•added 2026/03/25 4:15 p.m.•6 views

CVE-2026-32531

CVE-2026-32531: Kunco WordPress Theme (

CVE•added 2026/03/25 4:14 p.m.•7 views

CVE-2026-27078

CVE-2026-27078 corresponds to an LFI in Mikado-Themes Emaurri (WordPress) due to improper control of filenames in PHP include/require. Affected software: Emaurri versions up to and including 1.0.1. Impact as described in sources is PHP Local File Inclusion, with attackers potentially disclosing o...

8.1CVSS5.8AI score0.00056EPSS

CVE•added 2026/03/25 4:14 p.m.•4 views

CVE-2026-27075

CVE-2026-27075 concerns an Improper Control of Filename for Include/Require Statement (PHP Local File Inclusion) in Mikado-Themes Belfort (WordPress theme Belfort). The vulnerability allows Local File Inclusion due to inadequate validation of filenames used in PHP include/require, affecting Belfo...

Cvelist•added 2026/03/25 4:14 p.m.•21 views

CVE-2026-27048 WordPress The Aisle Core plugin <= 2.0.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through = 2.0.5...

CVE•added 2026/03/25 4:14 p.m.•3 views

CVE-2026-22516

CVE-2026-22516 is a Local File Inclusion vulnerability affecting WordPress plugin/theme Wizor's Wizor's Investments, specifically versions up to and including 2.12. The issue is described as an improper control of filename for Include/Require statements in PHP, enabling PHP Local File Inclusion (...

Cvelist•added 2026/03/25 4:14 p.m.•20 views

CVE-2026-22509 WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...

Cvelist•added 2026/03/25 4:14 p.m.•20 views

CVE-2026-22502 WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through = 1.1.9...

Cvelist•added 2026/03/25 4:14 p.m.•22 views

CVE-2026-22499 WordPress Lella theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Lella lella allows PHP Local File Inclusion.This issue affects Lella: from n/a through = 1.2...

Cvelist•added 2026/03/25 4:14 p.m.•24 views

CVE-2026-22494 WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through = 1.3.13...

Cvelist•added 2026/03/25 4:14 p.m.•23 views

CVE-2026-22498 WordPress Laurent theme <= 3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through = 3.1...

ATTACKERKB•added 2026/03/23 6:21 p.m.•1 views

CVE-2026-33513

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...

8.6CVSS6.4AI score0.00344EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/13 11:42 a.m.•1 views

CVE-2026-32401 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows PHP Local File Inclusion.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.9...

7.2CVSS5.8AI score0.00157EPSS