The vulnerability of the `include` function in the Web Directory Free plugin of the WordPress content management system arises from an incorrect limitation on the path to the restricted catalog. This allows attackers to execute arbitrary code.

The vulnerability of the include function in the Web Directory Free plugin of the WordPress content management system is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVE-2025-30595

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through = 1...

CVE-2025-30595 WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through = 1...

CVE-2025-30595 WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through = 1...

CVE-2025-30595

CVE-2025-30595 describes a stored XSS in the WordPress project/component named "include-file" due to improper input neutralization during web page generation. Affected: include-file (WordPress plugin/component named include-file). Exploitation details are not provided beyond the stored XSS classi...

CVE-2025-30593

CVE-2025-30593: Stored XSS in the Include URL WordPress plugin (Include URL) affecting versions up to 0.3.5. The vulnerability arises from improper input neutralization during web page generation, enabling attacker-supplied scripts when the page is viewed. The CVSS vector indicates network access...

CVE-2025-30593 WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through = 0.3.5...

CVE-2025-30593 WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through = 0.3.5...

WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability

WordPress Include URL plugin = 0.3.5 Cross Site Scripting XSS Vulnerability discovered by timomangcut in WordPress Plugin Include URL versions = 0.3.5...

WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability

WordPress include-file plugin = 1 Cross Site Scripting XSS Vulnerability discovered by timomangcut in WordPress Plugin include-file versions = 1...

WordPress plugin include-file 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin Include URL 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

The vulnerability of the bpf_ctx_narrow_access_offset() function in the include/linux/filter.h module of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the bpfctxnarrowaccessoffset function in the include/linux/filter.h module of the Linux kernel is related to the copying of a buffer without checking its size a classic buffer overflow attack. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVE-2024-51319

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...

CVE-2024-51319

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...

CVE-2024-51319

CVE-2024-51319 : A local file inclusion in Zucchetti Ad Hoc Infinity 2.4’s /servlet/Report, exploited by uploading a JSP web/reverse shell through /jsp/zimg_upload.jsp, allows an authenticated attacker to achieve Remote Code Execution. The vulnerability is locally exploitable with LOW user intera...

WordPress plugin Review Schema 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

Linux Distros Unpatched Vulnerability : CVE-2025-22145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if...

Information Exposure

Overview unstructured is an A library that prepares raw documents for downstream ML tasks. Affected versions of this package are vulnerable to Information Exposure when the filetype supports an include functionality, it is possible to partition arbitrary local files. This vulnerability specifical...

GHSA-P75G-CXFJ-7WRX Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro

Summary If untrusted user input is used to dynamically create a PebbleTemplate with the method PebbleEnginegetLiteralTemplate, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of...