240 matches found

Vulnrichment
added 2025/11/06 3:54 p.m., 1 views

CVE-2025-60074 WordPress Lazy Load Optimizer plugin <= 1.4.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion. This issue affects Lazy Load Optimizer: from n/a through <= 1.4.7...

CVSS 7.5 | AI score 6.7 | EPSS 0.00362
Exploits 0 | References 1

Vulnrichment
added 2025/11/05 11:24 a.m., 1 views

CVE-2025-12497 Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path]

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'args[extra_template_path]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

CVSS 8.1 | AI score 7 | EPSS 0.00536
Exploits 0 | References 2

CVE
added 2025/11/01 1:47 a.m., 16 views

CVE-2025-11920

CVE-2025-11920 – Local File Inclusion in WPCOM Member plugin for WordPress (versions up to 1.7.14) via the shortcode action parameter. Authenticated attackers with Contributor+ access can include/execute server-side PHP files, enabling code execution in scenarios where PHP files can be uploaded a...

CVSS 8.8 | AI score 6.8 | EPSS 0.00484
Exploits 0 | References 5

RedhatCVE
added 2025/10/29 12:11 a.m., 12 views

CVE-2025-56399

alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png' extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side...

CVSS 8.8 | AI score 7.6 | EPSS 0.00502
Exploits 1 | References 1

Packet Storm
added 2025/10/27 12:0 a.m., 138 views

WBCE CMS 1.6.4 Remote Code Execution

WBCE CMS version 1.6.4 contains a critical remote code execution vulnerability in the Droplets module. Authenticated attackers with administrator privileges can inject and execute arbitrary PHP code, leading to complete system compromise. Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date...

AI score 8.6
Exploits 0

RedhatCVE
added 2025/10/21 4:31 p.m., 10 views

CVE-2025-62429

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. Proper sanitization is n...

CVSS 7.2 | AI score 8 | EPSS 0.00777
Exploits 1 | References 1

CVE
added 2025/10/20 4:8 p.m., 16 views

CVE-2025-62429

Summary: CVE-2025-62429 affects ClipBucket v5 prior to 5.5.2 #147. The flaw resides in /upload/admin_area/actions/update_launch.php where the POST parameter "type" is embedded into PHP tags without proper sanitization, allowing an attacker to execute arbitrary PHP code (RCE). The vulnerability is...

CVSS 7.2 | AI score 7.6 | EPSS 0.00777
Exploits 1 | References 3 | Affected Software 1

CNVD
added 2025/10/13 12:0 a.m., 3 views

WordPress Bei Fen plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Bei Fen plugin has a file inclusion vulnerability that stems from not doing effective filtering of local file resource calls, which can be exploited by an attacker ...

CVSS 8.1 | AI score 7.2 | EPSS 0.00664
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-5024

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.02029
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-12387

Malware in sbrugna...

CVSS 8.8 | AI score 6.7 | EPSS 0.01594
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-26999

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.4 | EPSS 0.00669
Exploits 0 | References 3

RedhatCVE
added 2025/09/19 2:22 a.m., 16 views

CVE-2025-10050

The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabledloggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute...

CVSS 6.6 | AI score 7 | EPSS 0.00757
Exploits 0 | References 1

Veracode
added 2025/09/17 6:7 a.m., 3 views

Remote Code Execution (RCE)

unopim/unopim is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input validation because the image upload on user creation performs only client-side file type checks, allowing an attacker to modify a captured upload (change extension and content to .php) and execute...

CVSS 8.8 | AI score 8.1 | EPSS 0.00446
Exploits 1 | References 4 | Affected Software 1

CNNVD
added 2025/09/16 12:0 a.m., 1 views

osCommerce security vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license from osCommerce, Inc. A security vulnerability exists in osCommerce 2.2 RC2a and earlier versions, which stems from a lack of input validation and access control in the Manage File Manager tool, and could...

CVSS 9.3 | AI score 6.9 | EPSS 0.01142
Exploits 0 | References 6

CVE
added 2025/09/11 7:24 a.m., 18 views

CVE-2025-9874

CVE-2025-9874: The WordPress plugin Ultimate Classified Listings (versions up to and including 1.6) is affected by a Local File Inclusion vulnerability via the shortcode uclwp_dashboard. Authenticated attackers with Contributor-level access or higher can include and execute arbitrary PHP files o...

CVSS 7.5 | AI score 6.8 | EPSS 0.00545
Exploits 0 | References 3

Positive Technologies
added 2025/08/16 12:0 a.m., 4 views

PT-2025-33591 · WordPress · Soledad

Name of the Vulnerable Software and Affected Versions: Soledad theme for WordPress versions through 8.6.7 Description: The Soledad theme for WordPress is susceptible to a Local File Inclusion issue via the header layout parameter. This allows authenticated attackers with Contributor-level access ...

CVSS 8.8 | AI score 7.2 | EPSS 0.00469
Exploits 0 | References 8

CNNVD
added 2025/08/14 12:0 a.m., 4 views

WordPress plugin IDonatePro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 8.1 | AI score 6.6 | EPSS 0.00421
Exploits 0 | References 1

CVE
added 2025/08/13 6:0 a.m., 32 views

CVE-2025-6715

The CVE-2025-6715 entry concerns the LatePoint WordPress plugin, affected versions prior to 5.1.94. The vulnerability is Local File Inclusion via the layout parameter, enabling an attacker to include and execute PHP files on the server and thus run arbitrary PHP code. The issue is rooted in insuf...

CVSS 9.8 | AI score 7.4 | EPSS 0.0053
In wild | Exploits 0 | References 1

ATTACKERKB
added 2025/08/06 12:0 a.m., 3 views

CVE-2025-50286

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

CVSS 8.1 | AI score 6.5 | EPSS 0.0871
Exploits 7 | References 5

CNNVD
added 2025/07/19 12:0 a.m., 2 views

WordPress plugin Subscribe to Comments security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 7.2 | AI score 5.9 | EPSS 0.01436
Exploits 1 | References 6