CVE-2025-49892

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through = 1.3.3...

CVE-2025-49892

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through = 1.3.3...

CVE-2025-49892

CVE-2025-49892 describes an LFI (Local File Inclusion) in the WordPress plugin Uxper Booking (uxper-booking) up to version 1.3.3. The vulnerability arises from improper control of filename handling in PHP include/require statements, allowing an attacker to include local files via crafted input. I...

PT-2025-33960 · WordPress · Badasswp Pending Order Bot

Name of the Vulnerable Software and Affected Versions: badasswp Pending Order Bot versions through 1.0.2 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, leading to a Stored Cross-site Scripting condition. This allows for the injection of...