CVE-2025-30871

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5...

CVE-2025-30871

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through = 6.3.5...

WordPress plugin Include Mastodon Feed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2025-30595

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through = 1...

CVE-2025-30593

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through = 0.3.5...

CVE-2025-23952

CVE-2025-23952 describes an Unvalidated Filename handling flaw in WordPress plugin Custom Field List Widget (ntm custom-field-list-widget) that allows Local File Inclusion via PHP include/require. Affected: custom-field-list-widget versions

The vulnerability of the `include` function in the Web Directory Free plugin of the WordPress content management system arises from an incorrect limitation on the path to the restricted catalog. This allows attackers to execute arbitrary code.

The vulnerability of the include function in the Web Directory Free plugin of the WordPress content management system is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVE-2025-30595

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through = 1...

CVE-2025-30595 WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through = 1...

CVE-2025-30595

CVE-2025-30595 describes a stored XSS in the WordPress project/component named "include-file" due to improper input neutralization during web page generation. Affected: include-file (WordPress plugin/component named include-file). Exploitation details are not provided beyond the stored XSS classi...

CVE-2025-30595 WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS.This issue affects include-file: from n/a through = 1...

CVE-2025-30593 WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through = 0.3.5...

CVE-2025-30593

CVE-2025-30593: Stored XSS in the Include URL WordPress plugin (Include URL) affecting versions up to 0.3.5. The vulnerability arises from improper input neutralization during web page generation, enabling attacker-supplied scripts when the page is viewed. The CVSS vector indicates network access...

CVE-2025-30593 WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk Include URL include-url allows Stored XSS.This issue affects Include URL: from n/a through = 0.3.5...

WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability

WordPress Include URL plugin = 0.3.5 Cross Site Scripting XSS Vulnerability discovered by timomangcut in WordPress Plugin Include URL versions = 0.3.5...

WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability

WordPress include-file plugin = 1 Cross Site Scripting XSS Vulnerability discovered by timomangcut in WordPress Plugin include-file versions = 1...

WordPress plugin include-file 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress plugin Include URL 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

The vulnerability of the bpf_ctx_narrow_access_offset() function in the include/linux/filter.h module of the Linux kernel allows a hacker to cause a service failure.

The vulnerability of the bpfctxnarrowaccessoffset function in the include/linux/filter.h module of the Linux kernel is related to the copying of a buffer without checking its size a classic buffer overflow attack. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVE-2024-51319

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...