CVE-2026-32505

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through = 2.0.8...

CVE-2026-32504

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through = 1.1.8...

CVE-2026-32503

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through = 1.1.4...

CVE-2026-32500 WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through = 1.1.4...

CVE-2026-32500

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through = 1.1.4...

CVE-2026-32500 WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through = 1.1.4...

CVE-2026-27079 WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through = 1.1...

CVE-2026-27081

CVE-2026-27081 concerns the WordPress Rosebud theme (Rosebud) with versions up to and including 1.4, exposing a Local File Inclusion via improper control of include/require filenames in PHP. The vulnerability is documented as LFI in Rosebud

CVE-2026-27078

CVE-2026-27078 corresponds to an LFI in Mikado-Themes Emaurri (WordPress) due to improper control of filenames in PHP include/require. Affected software: Emaurri versions up to and including 1.0.1. Impact as described in sources is PHP Local File Inclusion, with attackers potentially disclosing o...

CVE-2026-27078 WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through = 1.0.1...

CVE-2026-27075

CVE-2026-27075 concerns an Improper Control of Filename for Include/Require Statement (PHP Local File Inclusion) in Mikado-Themes Belfort (WordPress theme Belfort). The vulnerability allows Local File Inclusion due to inadequate validation of filenames used in PHP include/require, affecting Belfo...

CVE-2026-27077

CVE-2026-27077 affects Mikado-Themes MultiOffice WordPress theme (MultiOffice)

CVE-2026-27076 WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through = 1.0...

CVE-2026-27075 WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through = 1.0...

CVE-2026-27048 WordPress The Aisle Core plugin <= 2.0.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through = 2.0.5...

CVE-2026-25457

CVE-2026-25457 affects Mixtape WordPress Theme

CVE-2026-25458

CVE-2026-25458 affects Moments (WordPress theme) up to version 2.2. The issue is an improper control of filename for include/require statements in PHP, effectively a PHP Remote File Inclusion that enables Local File Inclusion. According to Wordfence, this vulnerability is currently Unpatched; CVS...

CVE-2026-25382 WordPress IdealAuto theme < 3.8.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through 3.8.6...

CVE-2026-25379

CVE-2026-25379 is a local file inclusion vulnerability affecting the StreamVid WordPress theme (StreamVid) prior to version 6.8.6. The root cause is improper control of the filename used by PHP include/require statements, enabling an attacker to perform a PHP Local File Inclusion (LFI) via the St...

CVE-2026-22516

CVE-2026-22516 is a Local File Inclusion vulnerability affecting WordPress plugin/theme Wizor's Wizor's Investments, specifically versions up to and including 2.12. The issue is described as an improper control of filename for Include/Require statements in PHP, enabling PHP Local File Inclusion (...