WordPress plugin Include Me 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

PT-2025-36782

Name of the Vulnerable Software and Affected Versions: uxper Sala versions n/a through 1.1.6 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for the inclusion of remote files, potentiall...

PT-2025-36804

Name of the Vulnerable Software and Affected Versions: Include Me versions through 1.3.2 Description: The software contains a cross-site scripting XSS issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. Recommendations: Update Include Me t...

PT-2025-36763

Name of the Vulnerable Software and Affected Versions: highwarden Super Store Finder versions through 6.9.7 Description: The software contains an Improper Control of Filename for Include/Require Statement 'PHP Remote File Inclusion' issue. Recommendations: Update to a version later than 6.9.7...

PT-2025-36795

Name of the Vulnerable Software and Affected Versions: gavias Ziston affected versions not specified Description: The software contains an Improper Control of Filename for Include/Require Statement, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files within t...

CVE-2025-58214

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indutri: from n/a through 1.3.0...

CVE-2025-58214

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indutri: from n/a through 1.3.0...

CVE-2025-58206

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through = 3.2.5...

CVE-2025-58206

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MaxCoach allows PHP Local File Inclusion. This issue affects MaxCoach: from n/a through 3.2.5...

CVE-2025-58206 WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through = 3.2.5...

CVE-2025-58637

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in immonex immonex Kickstart immonex-kickstart allows PHP Local File Inclusion.This issue affects immonex Kickstart: from n/a through = 1.11.6...

PT-2025-36255

Name of the Vulnerable Software and Affected Versions: gavias Indutri versions prior to 1.3.0 Description: The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. Recommendation...

CVE-2025-9920 Campcodes Recruitment Management System index.php include file inclusion

A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remotely. The exploit has been released to the...

CVE-2025-58637

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in immonex immonex Kickstart immonex-kickstart allows PHP Local File Inclusion.This issue affects immonex Kickstart: from n/a through = 1.11.6...

CVE-2025-58608 WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BuddyDev MediaPress mediapress allows PHP Local File Inclusion.This issue affects MediaPress: from n/a through = 1.5.9.1...

CVE-2025-9260

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible for authenticated...

PT-2025-35742

Name of the Vulnerable Software and Affected Versions: BuddyDev MediaPress versions through 1.5.9.1 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue, which allows for PHP Local File Inclusion...

PT-2025-35766

Name of the Vulnerable Software and Affected Versions immonex Kickstart versions through 1.11.6 Description The software contains an Improper Control of Filename for Include/Require Statement vulnerability, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion...

Linux Distros Unpatched Vulnerability : CVE-2023-5550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server...

CVE-2025-47696

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...