417 matches found
PT-2026-21217
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through = 1.2.2...
PT-2026-21179
Name of the Vulnerable Software and Affected Versions ThemeREX Plank versions through 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations...
PT-2026-21181
Name of the Vulnerable Software and Affected Versions ThemeREX Yokoo versions through 1.1.11 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...
PT-2026-21188
Name of the Vulnerable Software and Affected Versions Select-Themes Struktur versions through 2.5.1 Description The software contains a flaw related to improper control of filenames used in include/require statements, potentially leading to PHP Local File Inclusion. This allows an attacker to...
CVE-2026-25027 WordPress Unicamp theme <= 2.7.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through = 2.7.1...
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion.This issue affects Spirit Framework: from n/a through 1.2.13...
CVE-2025-69062
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Weedles weedles allows PHP Local File Inclusion.This issue affects Weedles: from n/a through = 1.1.12...
CVE-2025-67946
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through = 6.0.11...
CVE-2025-68510
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through 7.7.5...
CVE-2026-24531
CVE-2026-24531 affects the WordPress theme Select-Themes Prowess (versions <= 2.3). The vulnerability is an Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion leading to Local File Inclusion, LFI). Public sources in the connected docs describe an LFI conditio...
CVE-2026-23975
CVE-2026-23975 is a WordPress Golo theme vulnerability (Golo
CVE-2026-22402
CVE-2026-22402 describes an improper filename control in the WordPress theme Triply (Triply Tour Booking) that enables PHP Local File Inclusion (LFI) via include/require. Affected: Triply versions from n/a through 2.4.7. Root cause: improper validation of included file paths, allowing an attacker...
CVE-2025-69073 WordPress Piqes theme <= 1.0.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Piqes piqes allows PHP Local File Inclusion.This issue affects Piqes: from n/a through = 1.0.11...
CVE-2025-69064 WordPress Pets Land theme <= 1.2.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pets Land petsland allows PHP Local File Inclusion.This issue affects Pets Land: from n/a through = 1.2.8...
CVE-2025-69040
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion.This issue affects Bfres: from n/a through = 1.2.1...
CVE-2025-69004 WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...
CVE-2025-67941
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion.This issue affects The Aisle: from n/a through 2.9.1...
CVE-2025-50003
CVE-2025-50003 — Amuli WordPress Theme Local File Inclusion (LFI) Affects: Amuli WordPress Theme (Amuli) vulnerable component: PHP code handling Include/Require statements.Root cause: Improper control of filename for include/require, enabling PHP Local File Inclusion.Impact: Local file disclosure...
PT-2026-4164
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through = 1.3.3...
PT-2026-4146
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through = 1.1.15...