56 matches found
PT-2026-40295
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitization of user data, an attacker can compose a URL that causes the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing...
CVE-2026-28066
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Legrand legrand allows PHP Local File Inclusion. This issue affects Legrand: from n/a through <= 2.17...
CVE-2026-28012
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion. This issue affects Gridiron: from n/a through <= 1.0.14...
CVE-2026-22420
CVE-2026-22420 pertains to the Horizon WordPress theme (AncoraThemes Horizon) with a Local File Inclusion vulnerability via improper control of the include/require filename, affecting Horizon versions up to and including 1.1. Public documentation in the connected sources confirms the vulnerabilit...
CVE-2025-53335
CVE-2025-53335 describes a PHP Local File Inclusion in the WordPress theme Berger (ThemeREX Berger) via improper control of filenames for include/require statements. The issue affects Berger versions up to 1.1.1 and is listed with a high impact by CVSS (C/H, I/H, A/H) and a network attack vector,...
CVE-2025-68510
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion. This issue affects Photography: from n/a through 7.7.5...
EUVD-2025-204184
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion. This issue affects The Flash: from n/a through <= 1.15...
CVE-2025-58927
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion. This issue affects Stallion: from n/a through <= 1.17...
CVE-2025-58706 WordPress Woo Hoo theme <= 1.25 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion. This issue affects Woo Hoo: from n/a through <= 1.25...
ROS-20250812-01
A vulnerability in the Guzzle HTTP client library of the PHP programming language interpreter is related to incorrectly implemented security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. Vulnerability i...
CVE-2025-49070 WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion. This issue affects Elessi: from n/a through 6.4.1...
CVE-2025-32298 WordPress CTUsers plugin <= 1.0.0 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion. This issue affects CTUsers: from n/a through <= 1.0.0...
CVE-2025-52729
CVE-2025-52729 is a Local File Inclusion vulnerability in the Diza WordPress theme (thembay) via improper control of filenames for PHP include/require. Affected versions are Diza
CVE-2025-28991 WordPress Evon theme <= 3.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Evon snsevon allows PHP Local File Inclusion. This issue affects Evon: from n/a through <= 3.4...
CVE-2025-32309 WordPress Healsoul theme <= 2.2.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through <= 2.2.3...
CVE-2025-26735 WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Candid themes Grip. This issue affects Grip: from n/a through 1.0.9...
php: Leak partial content of the heap through heap buffer over-read in mysqlnd
A flaw was found in the PHP MySQL client library. This vulnerability allows a hostile MySQL server to disclose the content of the client's heap, potentially exposing data from other SQL requests and other users of the same server via malicious server interactions...
CVE-2025-47494 WordPress EventON plugin <= 2.4.1 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion. This issue affects EventON: from n/a through <= 2.4.1...
CVE-2025-47439 WordPress Download Monitor plugin <= 5.0.22 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File Inclusion. This issue affects Download Monitor: from n/a through <= 5.0.22...
ROS-20250430-10
The vulnerability in the PHP programming language interpreter is related to flaws in header processing of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request (HTTP Request Smuggling attack). hidden HTTP request HTTP Request...