CVE-2025-14430

CVE-2025-14430 affects the Brook WordPress theme (ThemeMove Brook) and is due to Improper Control of Filename for Include/Require Statement in PHP (PHP Local File Inclusion). The description indicates Brook

CVE-2025-14431 WordPress Navian theme <= 1.5.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through = 1.5.4...

CVE-2025-22708 WordPress Mitech theme <= 2.3.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through = 2.3.4...

CVE-2025-22707 WordPress Moody theme <= 2.7.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through = 2.7.3...

CVE-2025-12550

CVE-2025-12550 refers to an unauthenticated Local File Inclusion in the OchaHouse WordPress theme by jwsthemes. The root cause is Improper Control of Filename for Include/Require statements in PHP, enabling LFI. Affected software is OchaHouse (WordPress Theme) versioned at or before 2.2.8 (inclus...

CVE-2025-69356

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

CVE-2025-69083

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Frappé frappe allows PHP Local File Inclusion.This issue affects Frappé: from n/a through = 1.8...

PT-2026-1786

Name of the Vulnerable Software and Affected Versions ThemeMove Mitech versions prior to 2.3.5 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2026-1910

Name of the Vulnerable Software and Affected Versions Mikado-Themes Optimize versions prior to 2.4 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files,...

PT-2026-1912

Name of the Vulnerable Software and Affected Versions Mikado-Themes Hendon versions prior to 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...

PT-2026-2197

Name of the Vulnerable Software and Affected Versions Handmade Framework versions through 3.9 Description The software contains a flaw related to improper control of filenames used in include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local...

WordPress plugin Optimize 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2026-1909

Name of the Vulnerable Software and Affected Versions Mikado-Themes Wellspring versions prior to 2.8 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...

CVE-2025-69080

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JanStudio Gecko gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through = 1.9.8...

CVE-2025-69080

CVE-2025-69080 affects JanStudio Gecko (Gecko theme) up to v1.9.8. Describes Improper Control of Filename for Include/Require leading to PHP Local File Inclusion; Red Hat lists Gecko

CVE-2025-69080 WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JanStudio Gecko gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through = 1.9.8...

CVE-2025-69081 WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through = 3.0.0...

CVE-2019-16951

A remote file include RFI issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST request is sent, it retrieves an attacker's data and displays it. Also worth mentioning is the amou...

WordPress plugin Hope 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-32304 WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0...