8799 matches found
CVE-2025-12550
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affects OchaHouse: from n/a through = 2.2.8...
CVE-2025-67935
CVE-2025-67935 relates to the Mikado-Themes Optimize/optimizewp WordPress theme. The issue is Local File Inclusion via Improper Control of Filename for Include/Require in PHP, enabling an attacker to include local PHP files. Affected: Optimize theme versions before 2.4. Impact is consistent with ...
CVE-2025-67935 WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through 2.4...
CVE-2025-67936 WordPress Curly theme < 3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...
CVE-2025-67936 WordPress Curly theme < 3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...
CVE-2025-67925 WordPress Corpkit theme <= 2.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through = 2.0...
CVE-2025-67925
CVE-2025-67925: Corpkit (ZozoThemes Corpkit WordPress theme) <= 2.0 authenticated Local File Inclusion via include/require, enabling PHP Local File Inclusion. Root cause: improper handling of file paths in Corpkit; impact: arbitrary local file access. Affected Software: Corpkit - Business Cons...
CVE-2025-67920 WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through 1.2...
CVE-2025-14430
CVE-2025-14430 affects the Brook WordPress theme (ThemeMove Brook) and is due to Improper Control of Filename for Include/Require Statement in PHP (PHP Local File Inclusion). The description indicates Brook
CVE-2025-14431 WordPress Navian theme <= 1.5.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through = 1.5.4...
CVE-2025-22707 WordPress Moody theme <= 2.7.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through = 2.7.3...
CVE-2025-22708 WordPress Mitech theme <= 2.3.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through = 2.3.4...
CVE-2025-22707
CVE-2025-22707 corresponds to a WordPress tm-moody (ThemeMove Moody) vulnerability that enables an unauthenticated Local File Inclusion (LFI) due to improper handling of include/require filename parameters. The Moody theme is listed as affected up to version 2.7.3, and the Wordfence report notes ...
CVE-2025-12550
CVE-2025-12550 refers to an unauthenticated Local File Inclusion in the OchaHouse WordPress theme by jwsthemes. The root cause is Improper Control of Filename for Include/Require statements in PHP, enabling LFI. Affected software is OchaHouse (WordPress Theme) versioned at or before 2.2.8 (inclus...
CVE-2025-69356
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...
CVE-2025-69083
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Frappé frappe allows PHP Local File Inclusion.This issue affects Frappé: from n/a through = 1.8...
PT-2026-1910
Name of the Vulnerable Software and Affected Versions Mikado-Themes Optimize versions prior to 2.4 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files,...
PT-2026-1909
Name of the Vulnerable Software and Affected Versions Mikado-Themes Wellspring versions prior to 2.8 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...
WordPress plugin Optimize 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2026-1912
Name of the Vulnerable Software and Affected Versions Mikado-Themes Hendon versions prior to 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...