CVE-2025-69395 WordPress Gable theme <= 1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Gable gable allows PHP Local File Inclusion.This issue affects Gable: from n/a through = 1.5...

CVE-2025-69398

CVE-2025-69398 describes a Local File Inclusion in the WordPress Theme Plank (ThemeREX Plank) up to version 1.7, caused by improper control of the filename used in Include/Require statements. The Red Hat/PatchStack entries corroborate that Plank

CVE-2025-69397 WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tint tint allows PHP Local File Inclusion.This issue affects Tint: from n/a through = 1.7...

CVE-2025-69374 WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SolverWp Eleblog – Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog – Elementor Blog And Magazine Addons: from n/a through =...

CVE-2025-69373

CVE-2025-69373 is a local-file-include vulnerability in the WordPress VidoRev theme (vidorev) affecting versions up to 2.9.9.9.9.9.7. Descriptions across sources indicate an Improper Control of Filename for Include/Require in PHP (PHP Remote File Inclusion) enabling PHP Local File Inclusion. Publ...

CVE-2025-68841

CVE-2025-68841 refers to the TopperPack – Complete Elementor Addons, Theme & CPT Builder plugin (

CVE-2025-68543

CVE-2025-68543: Local File Inclusion in WordPress theme Diza (thembay) up to version 1.3.15 due to improper control of include/require filenames. Affected: Diza

CVE-2025-67992 WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through 2.1...

CVE-2025-67988 WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through 1.9.1...

CVE-2025-67981 WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through = 2.3.15...

CVE-2025-67982 WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.12...

CVE-2026-27174

MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...

PT-2026-21202

Name of the Vulnerable Software and Affected Versions Jetpack CRM versions through 6.7.0 Description A flaw exists in Automattic Jetpack CRM that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue impacts the software when handling...

PT-2026-21211

Name of the Vulnerable Software and Affected Versions axiomthemes Redy versions through 1.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local File Inclusion. The issue is identified as a PHP Remote...

PT-2026-21220

Name of the Vulnerable Software and Affected Versions AncoraThemes Saveo versions through 1.1.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2026-21180

Name of the Vulnerable Software and Affected Versions ThemeREX Cobble versions through 1.7 Description A flaw exists in ThemeREX Cobble that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue is related to a 'PHP Remote File Inclusio...

PT-2026-21092

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through = 1.3.14...

PT-2026-21212

Name of the Vulnerable Software and Affected Versions AncoraThemes Ironfit versions through 1.5 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...

PT-2026-21187

Name of the Vulnerable Software and Affected Versions ThemeREX FreightCo versions through 1.1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendatio...

PT-2026-21178

Name of the Vulnerable Software and Affected Versions ThemeREX Tint versions through 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendations Upda...