CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/01/22 4:51 p.m.•17 views

CVE-2025-67616 WordPress Mella theme <= 1.2.29 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: from n/a through = 1.2.29...

8.1CVSS0.00541EPSS

CVE•added 2026/01/22 4:51 p.m.•8 views

CVE-2025-63017

CVE-2025-63017 affects the WordPress WerkStatt Plugin (werkstatt-plugin) up to version 1.6.6, with an improper control of filename in include/require (Local File Inclusion). The Red Hat/NVD entries and PatchStack/Wordfence references corroborate this LFI issue for WerkStatt

7.5CVSS5.5AI score0.00515EPSS

ATTACKERKB•added 2026/01/22 4:51 p.m.•2 views

CVE-2025-63017

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion.This issue affects WerkStatt Plugin: from n/a through = 1.6.6...

7.5CVSS5.4AI score0.00515EPSS

CVE•added 2026/01/22 4:51 p.m.•9 views

CVE-2025-54003

CVE-2025-54003 : Affected product is Mikado-Themes Depot (WordPress theme) with Depot depot. The issue is an improper filename control in include/require handling, enabling PHP Local File Inclusion (LFI). Affects Depot versions from n/a through

8.1CVSS5.5AI score0.00504EPSS

ATTACKERKB•added 2026/01/22 4:51 p.m.•2 views

CVE-2025-54003

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through = 1.16...

9.8CVSS5.4AI score0.00504EPSS

CVE•added 2026/01/22 4:51 p.m.•10 views

CVE-2025-50003

CVE-2025-50003 — Amuli WordPress Theme Local File Inclusion (LFI) Affects: Amuli WordPress Theme (Amuli) vulnerable component: PHP code handling Include/Require statements.Root cause: Improper control of filename for include/require, enabling PHP Local File Inclusion.Impact: Local file disclosure...

8.1CVSS5.5AI score0.00504EPSS

CVE•added 2026/01/22 4:51 p.m.•8 views

CVE-2025-49994

CVE-2025-49994 affects the WordPress Athens theme (ovatheme Athens) prior to or equal to version 1.1.6, enabling unauthenticated Local File Inclusion via improper control of filename in Include/Require statements (PHP Remote File Inclusion). Publicly documented in NVD/Red Hat/ENISA and reflected ...

8.1CVSS5.5AI score0.00519EPSS

ATTACKERKB•added 2026/01/22 4:51 p.m.•1 views

CVE-2025-50003

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion.This issue affects Amuli: from n/a through = 2.3.0...

9.8CVSS5.4AI score0.00504EPSS

ATTACKERKB•added 2026/01/22 4:51 p.m.•3 views

CVE-2025-47474

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ninetheme Anarkali anarkali allows PHP Local File Inclusion.This issue affects Anarkali: from n/a through = 1.0.9...

9.8CVSS5.4AI score0.00561EPSS

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-4137

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion.This issue affects Töbel: from n/a through = 1.6...

Positive Technologies•added 2026/01/22 12:0 a.m.•5 views

PT-2026-4078

Name of the Vulnerable Software and Affected Versions ThemeGoods Photography versions prior to 7.7.5 Description The software contains a flaw due to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusio...

Positive Technologies•added 2026/01/22 12:0 a.m.•3 views

PT-2026-4164

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through = 1.3.3...

5.5AI score0.00512EPSS

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-4153

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion.This issue affects Indoor Plants: from n/a through = 1.2.7...

5.5AI score0.00512EPSS

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-4125

Name of the Vulnerable Software and Affected Versions Pippo versions through 1.2.3 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-4149

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion.This issue affects MoveMe: from n/a through = 1.2.15...

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-4163

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion.This issue affects Hobo: from n/a through = 1.0.10...

Positive Technologies•added 2026/01/22 12:0 a.m.•3 views

PT-2026-4126

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion.This issue affects Hyori: from n/a through = 1.3.6...

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-4134

Name of the Vulnerable Software and Affected Versions WebGeniusLab iRecco Core versions through 1.3.6 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion...

Positive Technologies•added 2026/01/22 12:0 a.m.•3 views

PT-2026-4138

Name of the Vulnerable Software and Affected Versions Edge-Themes Overworld versions through 1.3 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...