CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/01/22 4:52 p.m.•3 views

CVE-2025-69005 WordPress Search & Go theme <= 2.8 - Local File Inclusion vulnerability

8.1CVSS5.9AI score0.00222EPSS

Cvelist•added 2026/01/22 4:52 p.m.•16 views

CVE-2025-69004 WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...

8.1CVSS0.00222EPSS

Cvelist•added 2026/01/22 4:52 p.m.•14 views

CVE-2025-68913 WordPress Miion theme <= 1.2.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through = 1.2.7...

7.5CVSS0.0022EPSS

ATTACKERKB•added 2026/01/22 4:52 p.m.•2 views

CVE-2025-68913

7.5CVSS5.4AI score0.0022EPSS

ATTACKERKB•added 2026/01/22 4:52 p.m.•2 views

CVE-2025-68905

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through = 11.0.0...

7.5CVSS5.4AI score0.0022EPSS

Vulnrichment•added 2026/01/22 4:52 p.m.•2 views

CVE-2025-68510 WordPress Photography theme < 7.7.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through 7.7.5...

5.9AI score0.00222EPSS

Cvelist•added 2026/01/22 4:51 p.m.•14 views

CVE-2025-67957 WordPress Listivo Core plugin <= 2.3.77 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue affects Listivo Core: from n/a through = 2.3.77...

8.1CVSS0.00222EPSS

8.1CVSS5.4AI score0.00222EPSS

CVE-2025-67941

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion.This issue affects The Aisle: from n/a through 2.9.1...

Cvelist•added 2026/01/22 4:51 p.m.•14 views

CVE-2025-67938 WordPress Biagiotti theme < 3.5.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion.This issue affects Biagiotti: from n/a through 3.5.2...

8.1CVSS0.00066EPSS

Cvelist•added 2026/01/22 4:51 p.m.•14 views

CVE-2025-67616 WordPress Mella theme <= 1.2.29 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: from n/a through = 1.2.29...

8.1CVSS0.00222EPSS

7.5CVSS5.4AI score0.00067EPSS

CVE-2025-63017

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion.This issue affects WerkStatt Plugin: from n/a through = 1.6.6...

CVE•added 2026/01/22 4:51 p.m.•7 views

CVE-2025-63017

CVE-2025-63017 affects the WordPress WerkStatt Plugin (werkstatt-plugin) up to version 1.6.6, with an improper control of filename in include/require (Local File Inclusion). The Red Hat/NVD entries and PatchStack/Wordfence references corroborate this LFI issue for WerkStatt

7.5CVSS5.5AI score0.00067EPSS

CVE•added 2026/01/22 4:51 p.m.•7 views

CVE-2025-54003

CVE-2025-54003 : Affected product is Mikado-Themes Depot (WordPress theme) with Depot depot. The issue is an improper filename control in include/require handling, enabling PHP Local File Inclusion (LFI). Affects Depot versions from n/a through

8.1CVSS5.5AI score0.00222EPSS

9.8CVSS5.4AI score0.00222EPSS

CVE-2025-54003

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through = 1.16...

ATTACKERKB•added 2026/01/22 4:51 p.m.•1 views

CVE-2025-50003

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion.This issue affects Amuli: from n/a through = 2.3.0...

9.8CVSS5.4AI score0.00222EPSS

CVE•added 2026/01/22 4:51 p.m.•8 views

CVE-2025-50003

CVE-2025-50003 — Amuli WordPress Theme Local File Inclusion (LFI) Affects: Amuli WordPress Theme (Amuli) vulnerable component: PHP code handling Include/Require statements.Root cause: Improper control of filename for include/require, enabling PHP Local File Inclusion.Impact: Local file disclosure...

8.1CVSS5.5AI score0.00222EPSS

CVE•added 2026/01/22 4:51 p.m.•7 views

CVE-2025-49994

CVE-2025-49994 affects the WordPress Athens theme (ovatheme Athens) prior to or equal to version 1.1.6, enabling unauthenticated Local File Inclusion via improper control of filename in Include/Require statements (PHP Remote File Inclusion). Publicly documented in NVD/Red Hat/ENISA and reflected ...

8.1CVSS5.5AI score0.00222EPSS

9.8CVSS5.4AI score0.00066EPSS

CVE-2025-47474

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ninetheme Anarkali anarkali allows PHP Local File Inclusion.This issue affects Anarkali: from n/a through = 1.0.9...