CVE-2025-68537

CVE-2025-68537 is a WordPress theme vulnerability in Zota (Them ebeez theme family) where an authenticated attacker (Contributor+) can trigger Local File Inclusion via the Include/Require handling in PHP. Affected versions: Zota up to 1.3.14. The issue has a high impact profile (CVE‑2015‑68537, C...

CVE-2025-68530

CVE-2025-68530 affects the WordPress plugin/theme Bookory . The Wordfence entry documents an authenticated Local File Inclusion (LFI) via improper control of the filename used in PHP include/require, labeled as Authenticated (Contributor+) Local File Inclusion in Bookory <= 2.2.7. The vulnerab...

CVE-2025-68560

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor.This issue affects TheGem Theme Elements for Elementor: from n/a through = 5.10.5.1...

WordPress plugin Fana 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Bookory 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Zota 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-53099

Name of the Vulnerable Software and Affected Versions thembay Zota versions n/a through 1.3.14 Description An improper control of filename for include/require statement exists in thembay Zota, potentially allowing PHP Local File Inclusion. The issue involves the inclusion of files without proper...

TencentOS Server 3: httpd:2.4 (TSSA-2025:0973)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0973 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-68560

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor.This issue affects TheGem Theme Elements for Elementor: from n/a through = 5.10.5.1...

CVE-2025-68544

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through = 1.3.15...

CVE-2025-68546

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through = 1.2.14...

CVE-2025-68546 WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Thembay Nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through 1.2.14...

WordPress plugin Diza 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress Diza plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...

PT-2025-52746

Name of the Vulnerable Software and Affected Versions Thembay Diza versions through 1.3.15 Description An improper control of filename for include/require statement exists in Thembay Diza, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files, potentially leadi...

CVE-2025-52768

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Faith & Hope faith-hope allows PHP Local File Inclusion.This issue affects Faith & Hope: from n/a through = 2.13.0...

CVE-2025-58898

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes HealthHub healthhub allows PHP Local File Inclusion.This issue affects HealthHub: from n/a through = 1.3.0...

CVE-2025-58890

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...

CVE-2025-58935

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion.This issue affects Lunna: from n/a through = 1.15...

CVE-2025-58225

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Paragon paragon allows PHP Local File Inclusion.This issue affects Paragon: from n/a through = 1.1...

CVE-2025-58885

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pathfinder pathfinder allows PHP Local File Inclusion.This issue affects Pathfinder: from n/a through = 1.16...