CVE-2025-68543

CVE-2025-68543: Local File Inclusion in WordPress theme Diza (thembay) up to version 1.3.15 due to improper control of include/require filenames. Affected: Diza

CVE-2025-67992 WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through 2.1...

CVE-2025-67981 WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through = 2.3.15...

CVE-2025-67988 WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through 1.9.1...

CVE-2025-67982 WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.12...

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

PT-2026-21202

Name of the Vulnerable Software and Affected Versions Jetpack CRM versions through 6.7.0 Description A flaw exists in Automattic Jetpack CRM that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue impacts the software when handling...

PT-2026-21211

Name of the Vulnerable Software and Affected Versions axiomthemes Redy versions through 1.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local File Inclusion. The issue is identified as a PHP Remote...

PT-2026-21220

Name of the Vulnerable Software and Affected Versions AncoraThemes Saveo versions through 1.1.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2026-21212

Name of the Vulnerable Software and Affected Versions AncoraThemes Ironfit versions through 1.5 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...

PT-2026-21180

Name of the Vulnerable Software and Affected Versions ThemeREX Cobble versions through 1.7 Description A flaw exists in ThemeREX Cobble that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote File Inclusio...

PT-2026-21092

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through = 1.3.14...

PT-2026-21168

Name of the Vulnerable Software and Affected Versions whatwouldjessedo Simple Retail Menus versions through 4.2.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP...

PT-2026-21217

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through = 1.2.2...

PT-2026-21093

Name of the Vulnerable Software and Affected Versions thembay Fana versions through 1.1.35 Description An issue exists in thembay Fana related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion. This allows for potential unauthorized access or...

PT-2026-21179

Name of the Vulnerable Software and Affected Versions ThemeREX Plank versions through 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations...

WordPress plugin VidoRev 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-21187

Name of the Vulnerable Software and Affected Versions ThemeREX FreightCo versions through 1.1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendatio...

PT-2026-21181

Name of the Vulnerable Software and Affected Versions ThemeREX Yokoo versions through 1.1.11 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...

PT-2026-21178

Name of the Vulnerable Software and Affected Versions ThemeREX Tint versions through 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations Upda...