126 matches found
CVE-2026-22516
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...
CVE-2026-30701
The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...
EUVD-2026-15532
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...
CVE-2026-25379
CVE-2026-25379 is a local file inclusion vulnerability affecting the StreamVid WordPress theme (StreamVid) prior to version 6.8.6. The root cause is improper control of the filename used by PHP include/require statements, enabling an attacker to perform a PHP Local File Inclusion (LFI) via the St...
CVE-2026-22506
CVE-2026-22506 refers to a Local File Inclusion in the WordPress Amoli theme (Elated-Themes Amoli) via improper control of filename for include/Require in PHP. Affected: Amoli versions through 1.0 (
CVE-2026-30701
The web interface of the WiFi Extender WDR201A HW V2.1, FW LFMZX28040922V1.02 contains hardcoded credential disclosure mechanisms in the form of Server Side Include within multiple server-side web pages, including login.shtml and settings.shtml. These pages embed server-side execution directives...
CVE-2026-28051
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion.This issue affects Yacht Rental: from n/a through = 2.6...
CVE-2026-28093
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Ozisti ozisti allows PHP Local File Inclusion.This issue affects Ozisti: from n/a through = 1.1.10...
CVE-2026-22431
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wabi-Sabi wabi-sabi allows PHP Local File Inclusion.This issue affects Wabi-Sabi: from n/a through = 1.2...
CVE-2026-28128
CVE-2026-28128 is a Local File Inclusion vulnerability in the ThemeREX Verse WordPress theme (Verse) due to improper control of filenames for include/require statements. Affected: Verse versions up to and including 1.7.0. Public sources (NVD/CVEs, Red Hat, CVE/CIRCL, PatchStack, Wordfence) consis...
CVE-2026-28094 WordPress RexCoin theme <= 1.2.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX RexCoin rexcoin allows PHP Local File Inclusion.This issue affects RexCoin: from n/a through = 1.2.6...
CVE-2026-28065 WordPress Eject theme <= 2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Eject eject allows PHP Local File Inclusion.This issue affects Eject: from n/a through = 2.17...
CVE-2026-28027
CVE-2026-28027 concerns the ThemeREX Kayon WordPress theme (Kayon) up to version 1.3, where an improper control of filenames for PHP include/require statements enables a PHP Local File Inclusion (LFI) vulnerability. The issue is described as affecting Kayon from n/a through <= 1.3 and is liste...
CVE-2026-27992
CVE-2026-27992 is a Local File Inclusion in ThemeREX Meals & Wheels meals-wheels (
CVE-2026-27336
CVE-2026-27336 details a Local File Inclusion in the AncoraThemes Consultor WordPress Theme (versions
CVE-2026-22456 WordPress Askka theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Askka askka allows PHP Local File Inclusion.This issue affects Askka: from n/a through = 1.0...
CVE-2026-22452 WordPress Hoverex theme <= 1.5.10 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Hoverex hoverex allows PHP Local File Inclusion.This issue affects Hoverex: from n/a through = 1.5.10...
CVE-2026-22449
CVE-2026-22449 affects WordPress theme Don Peppe (Don Peppe: <= 1.3). The vulnerability is a PHP Local File Inclusion caused by Improper Control of Filename for Include/Require (PHP Remote File Inclusion). Wordfence notes this as an unauthenticated LFI vulnerability and indicates it remains un...
CVE-2026-22387 WordPress Aviana theme <= 2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects Aviana: from n/a through = 2.1...
CVE-2025-69406
CVE-2025-69406 is a Local File Inclusion vulnerability in the WordPress theme FreightCo (ThemeREX FreightCo) up to version 1.1.7. The Red Hat, NVD/NVD mirror and CVE records consistently describe an Improper Control of Filename for Include/Require in PHP (“PHP Remote File Inclusion”) that allows ...