CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2025-49360

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This issue affects Militarology: from n/a through = 1.0.15...

8.1CVSS0.00519EPSS

CVE-2025-49364

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion.This issue affects Ludos Paradise: from n/a through = 2.1.3...

CVE-2025-49363

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion.This issue affects Kings & Queens: from n/a through = 1.1.16...

8.1CVSS0.00557EPSS

CVE-2025-49366

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hanani hanani allows PHP Local File Inclusion.This issue affects Hanani: from n/a through = 1.2.11...

8.1CVSS0.00445EPSS

Cvelist•added 2025/12/18 7:22 a.m.•24 views

CVE-2025-64373 WordPress Traveler theme < 3.2.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through 3.2.6...

8.1CVSS0.00337EPSS

EUVD•added 2025/12/18 7:22 a.m.•2 views

EUVD-2025-204059

8.1CVSS6.6AI score0.00337EPSS

Exploits0References2

CVE•added 2025/12/18 7:22 a.m.•25 views

CVE-2025-64377

CVE-2025-64377 is a Local File Inclusion vulnerability in the WordPress ListingPro theme for versions prior to 2.9.10, caused by improper filename control in include/require statements in PHP. The issue affects ListingPro: from n/a through

8.1CVSS6.7AI score0.00344EPSS

In wildExploits0References1

Vulnrichment•added 2025/12/18 7:22 a.m.•1 views

CVE-2025-64223 WordPress PenNews theme < 6.7.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in PenciDesign PenNews pennews allows PHP Local File Inclusion.This issue affects PenNews: from n/a through 6.7.3...

8.1CVSS6.7AI score0.00415EPSS

Cvelist•added 2025/12/18 7:22 a.m.•26 views

CVE-2025-64205 WordPress Jannah theme <= 7.6.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.0...

8.1CVSS0.00344EPSS

CVE•added 2025/12/18 7:22 a.m.•7 views

CVE-2025-64193

CVE-2025-64193 affects WordPress XStore plugin vulnerabilities: an improper control of filenames for PHP include/require leads to Local File Inclusion in XStore versions prior to 9.6.1. The issue is described as a PHP Remote File Inclusion-type flaw that enables LFI within the XStore code path. A...

7.5CVSS6.7AI score0.00381EPSS

CVE•added 2025/12/18 7:22 a.m.•11 views

CVE-2025-6326

CVE-2025-6326 affects WordPress Inset theme (and related Inset components) up to version 1.18.0, exposing a PHP Local File Inclusion via improper control of the filename for include/require. The vulnerability enables access to local files due to an insecure inclusion mechanism. The provided docum...

8.1CVSS6.7AI score0.00344EPSS

Vulnrichment•added 2025/12/18 7:22 a.m.•2 views

CVE-2025-6326 WordPress Inset theme <= 1.18.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion.This issue affects Inset: from n/a through = 1.18.0...

8.1CVSS6.7AI score0.00344EPSS

CVE•added 2025/12/18 7:22 a.m.•9 views

CVE-2025-60067

CVE-2025-60067 is a local/file inclusion vulnerability in the WordPress Giardino theme (versions <= 1.1.10). The issue is described as Improper Control of Filename for Include/Require Statement in PHP, enabling PHP Local File Inclusion. Affected product/component: WordPress Giardino theme; roo...

8.1CVSS6.7AI score0.00415EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/12/18 7:22 a.m.•19 views

CVE-2025-60067 WordPress Giardino theme <= 1.1.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Giardino giardino allows PHP Local File Inclusion.This issue affects Giardino: from n/a through = 1.1.10...

CVE•added 2025/12/18 7:22 a.m.•10 views

CVE-2025-60064

CVE-2025-60064 describes a PHP Local File Inclusion in the WordPress Renewal theme (versions <= 1.2.2) due to improper control of filenames for include/require. The issue affects Renewal; CVSS 3.1 base score 8.1 (HIGH) with network attack vector, no privileges required, user interaction requir...

8.1CVSS6.7AI score0.00415EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/12/18 7:22 a.m.•23 views

CVE-2025-60066 WordPress Katelyn theme <= 1.0.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Katelyn katelyn allows PHP Local File Inclusion.This issue affects Katelyn: from n/a through = 1.0.10...

Cvelist•added 2025/12/18 7:22 a.m.•25 views

CVE-2025-60065 WordPress Pinevale theme <= 1.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Pinevale pinevale allows PHP Local File Inclusion.This issue affects Pinevale: from n/a through = 1.0.14...

Cvelist•added 2025/12/18 7:22 a.m.•22 views

CVE-2025-60064 WordPress Renewal theme <= 1.2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Renewal renewal allows PHP Local File Inclusion.This issue affects Renewal: from n/a through = 1.2.2...

Cvelist•added 2025/12/18 7:22 a.m.•22 views

CVE-2025-60063 WordPress Rosalinda theme <= 1.2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Rosalinda rosalinda allows PHP Local File Inclusion.This issue affects Rosalinda: from n/a through = 1.2.3...

8.1CVSS0.00424EPSS