EUVD-2026-9750

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Marcell marcell allows PHP Local File Inclusion.This issue affects Marcell: from n/a through = 1.2.14...

CVE-2026-28095

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Marcell marcell allows PHP Local File Inclusion.This issue affects Marcell: from n/a through = 1.2.14...

CVE-2026-28095 WordPress Marcell theme <= 1.2.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Marcell marcell allows PHP Local File Inclusion.This issue affects Marcell: from n/a through = 1.2.14...

PT-2026-23370

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Marcell marcell allows PHP Local File Inclusion.This issue affects Marcell: from n/a through = 1.2.14...

CVE-2025-68545

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through = 1.2.14...

CVE-2025-68545

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through = 1.2.14...

CVE-2025-68545 WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through = 1.2.14...

CVE-2025-68545

CVE-2025-68545 is a Local File Inclusion vulnerability in the WordPress Nika theme (thembay Nika) affecting versions up to and including 1.2.14, caused by improper control of filenames in include/require statements. The issue is categorized as a PHP Local File Inclusion vulnerability (also descri...

WordPress plugin Nika 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nika versions = 1.2.14...

CVE-2022-0750

The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnailwidth, thumbnailheight, maximagewidth, and maximageheight parameters found in the /photoswipe-masonry.php file which allows authenticated attackers t...

CVE-2025-68546

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through = 1.2.14...

WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nika versions = 1.2.14...

EUVD-2025-32230

Malicious code in bioql PyPI...

CVE-2025-6388

The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...

CVE-2025-6388 Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation

The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...

CVE-2025-6388 Spirit Framework <= 1.2.14 - Authentication Bypass to Account Takeover and Privilege Escalation

The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the customactions function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated...

CVE-2025-6388

CVE-2025-6388 : Spirit Framework plugin for WordPress has an authentication bypass in all versions up to 1.2.14 due to improper validation in the custom_actions() function, enabling unauthenticated attackers who know an admin username to log in as any user (including administrators). Multiple con...

PT-2025-40464

Name of the Vulnerable Software and Affected Versions Spirit Framework plugin for WordPress versions through 1.2.14 Description The Spirit Framework plugin for WordPress is susceptible to an authentication bypass. This occurs because the custom actions function does not adequately validate user...

CVE-2025-0878

The CVE-2025-0878 entry describes an XSS vulnerability in Akinsoft LimonDesk due to improper input neutralization during web page generation, affecting LimonDesk versions from s1.02.14 up to before v1.02.17. The underlying issue is in how user-supplied input is handled when generating web pages, ...