EUVD-2026-15495

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gaspard gaspard allows PHP Local File Inclusion.This issue affects Gaspard: from n/a through = 1.3...

EUVD-2026-9530

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through = 1.5.1...

CVE-2026-28050 WordPress Beacon theme <= 2.24 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion.This issue affects Beacon: from n/a through = 2.24...

WordPress plugin Asia Garden 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-67982 WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.12...

PT-2026-21211

Name of the Vulnerable Software and Affected Versions axiomthemes Redy versions through 1.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local File Inclusion. The issue is identified as a PHP Remote...

CVE-2026-27343

CVE-2026-27343 affects WordPress Airtifact theme versions

WordPress plugin Cinerama 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2025-204188

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Algenix algenix allows PHP Local File Inclusion.This issue affects Algenix: from n/a through = 1.0...

WordPress plugin Lymcoin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-47696

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVE-2025-53334

CVE-2025-53334 is a Local File Inclusion vulnerability in the WordPress Jannah theme (

CVE-2025-48149 WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through = 1.2.3...

CVE-2025-48157 WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through = 1.5.9...

CVE-2025-28979

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3...

CVE-2025-54689

CVE-2025-54689 affects the WordPress theme Urna (thembay Urna) up to version 2.5.7 and is caused by an improper control of the filename for include/require statements, i.e., a PHP Local File Inclusion vulnerability. Public sources (Patchstack, patch details) confirm an unauthenticated Local File ...

CVE-2025-28979 WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3...