PT-2026-45740

Name of the Vulnerable Software and Affected Versions Axiomthemes Spin versions prior to 1.8 Description Improper control of filename for include/require statements in the PHP program allows for Local File Inclusion. This occurs when the application fails to properly validate the file path used i...

PT-2026-39407

Name of the Vulnerable Software and Affected Versions osTicket versions prior to 1.18.4 Description A cross-site request forgery issue exists in the Dispatcher component within the include/class.dispatcher.php file. The flaw allows remote exploitation through the manipulation of the method...

EUVD-2026-15740

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

EUVD-2026-13111

Devome GRR v4.5.0 was discovered to contain multiple authenticated SQL injection vulnerabilities in the include/session.inc.php file via the referer and user-agent...

EUVD-2026-9744

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects Daiquiri: from n/a through = 1.2.4...

CVE-2026-28094

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX RexCoin rexcoin allows PHP Local File Inclusion.This issue affects RexCoin: from n/a through = 1.2.6...

CVE-2026-28022

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Foodie foodie allows PHP Local File Inclusion.This issue affects Foodie: from n/a through = 1.14...

WordPress plugin Dermatology Clinic 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-23392

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue affects Dr.Patterson: from n/a through = 1.3.2...

PT-2026-23326

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Law Office law-office allows PHP Local File Inclusion.This issue affects Law Office: from n/a through = 3.3.0...

PT-2026-23306

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Helion helion allows PHP Local File Inclusion.This issue affects Helion: from n/a through = 1.1.12...

CVE-2025-54003

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through = 1.16...

CVE-2026-23978

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through = 2.2.1...

CVE-2025-53434

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes ChildHope childhope allows PHP Local File Inclusion.This issue affects ChildHope: from n/a through = 1.1.8...

CVE-2025-58893

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through = 1.6.1...

CVE-2025-49943

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Femme femme allows PHP Local File Inclusion.This issue affects Femme: from n/a through = 1.3.11...

EUVD-2025-204143

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chinchilla chinchilla allows PHP Local File Inclusion.This issue affects Chinchilla: from n/a through = 1.16...

CVE-2025-53435 WordPress Plan My Day theme <= 1.1.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Plan My Day planmyday allows PHP Local File Inclusion.This issue affects Plan My Day: from n/a through = 1.1.13...

PT-2025-52042

Name of the Vulnerable Software and Affected Versions axiomthemes Rally versions through 1.1 Description A flaw exists in axiomthemes Rally related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2025-52029

Name of the Vulnerable Software and Affected Versions AncoraThemes EasyEat versions through 1.9.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...