CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

CVE-2025-58707

The CVE-2025-58707 issue is a Local File Inclusion vulnerability in the WordPress Spin theme (Spin) versions up to 1.8. It arises from improper handling of filenames for include/require statements in a PHP program, enabling PHP LFI. Affected product: Axiomthemes Spin (WordPress Spin theme

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Spin 360 deg and 3D Model Viewer versions = 1.2.7...

WordPress Spin 360 deg and 3D Model Viewer Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)

Software Spin 360 deg and 3D Model Viewer Type Plugin Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30559 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 26eafe92fc92 Credits LVT-tholv2k Required...