CVE-2025-54690

CVE-2025-54690 is a WordPress/Xinterio Theme

CVE-2025-54690 WordPress Xinterio Theme <= 4.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This issue affects Xinterio: from n/a through 4.2...

CVE-2025-54689

CVE-2025-54689 affects the WordPress theme Urna (thembay Urna) up to version 2.5.7 and is caused by an improper control of the filename for include/require statements, i.e., a PHP Local File Inclusion vulnerability. Public sources (Patchstack, patch details) confirm an unauthenticated Local File ...

CVE-2025-54689 WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.7...

CVE-2025-54689 WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.7...

CVE-2025-24766 WordPress News Magazine X <= 1.2.35 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion.This issue affects News Magazine X: from n/a through = 1.2.37...

CVE-2025-25172

CVE-2025-25172 affects VidMov WordPress Theme (

CVE-2025-25174 WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion.This issue affects BeeTeam368 Extensions: from n/a through = 1.9.4...

CVE-2025-25172 WordPress VidMov <= 1.9.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov: from n/a through 1.9.4...

CVE-2025-25172 WordPress VidMov <= 1.9.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through = 1.9.4...

CVE-2025-28979 WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3...

CVE-2025-28979 WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3...

CVE-2025-30635

CVE-2025-30635 affects IDonatePro (WordPress plugin) &lt;= 2.1.9 and is described as an improper control of the filename for include/require statements, enabling PHP Local File Inclusion. Public sources in the connected documents corroborate the vulnerability as a Local File Inclusion issue and n...

CVE-2025-32288 WordPress RT-Theme 18 | Extensions plugin <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.4...

CVE-2025-32288 WordPress RT-Theme 18 | Extensions plugin <= 2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.4...

CVE-2025-48293

CVE-2025-48293 affects WordPress Geo Mashup plugin (

CVE-2025-48293 WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion.This issue affects Geo Mashup: from n/a through = 1.13.16...

CVE-2025-49036

CVE-2025-49036 is a Local File Inclusion vulnerability in WordPress Premium Addons for KingComposer (versions up to 1.1.1). The issue arises from improper control of filename handling for include/require statements in PHP, enabling an attacker to potentially include local files. No exploit vector...

CVE-2025-49264 WordPress Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inclusion.This issue affects Cloud SAML SSO - Single Sign On...

CVE-2025-49271

CVE-2025-49271 describes an issue in GravityWP – Merge Tags where improper handling of filenames in PHP Include/Require statements enables PHP Local File Inclusion. Affected versions are GravityWP – Merge Tags up to and including 1.4.4. The weakness could allow an attacker to access local files v...