CVE-2025-67940 WordPress Powerlift theme < 3.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue affects Powerlift: from n/a through 3.2.1...

CVE-2025-67940

CVE-2025-67940 — Mikado-Themes Powerlift Local File Inclusion (LFI) Description in sources confirms an improper control of filenames for include/require in the PHP code, enabling PHP Local File Inclusion via PHP Remote File Inclusion vectors. The vulnerability affects Powerlift versions before 3....

CVE-2025-66532

CVE-2025-66532 describes a Missing Authorization/Broken Access Control vulnerability in the WordPress theme Powerlift (Mikado-Themes) prior to version 3.2.1. Public detail indicates an access-control weakness that enables bypassing configured security levels. Affected software is the Powerlift Wo...

CVE-2025-66532 WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through 3.2.1...

WordPress Powerlift theme < 3.2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Powerlift versions 3.2.1...