CVE-2025-48157 WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through 1.5.9...

CVE-2025-48160

CVE-2025-48160 affects the WordPress Caliris theme (Caliris &lt;= 1.5). The vulnerability is an improper control of the filename used in include/require statements (PHP Local File Inclusion), enabling local file inclusion. The CVSS 3.1 base vector indicates network attack, high impact on confiden...

CVE-2025-48171 WordPress Cena Store <= 2.11.26 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through = 2.11.26...

CVE-2025-48171

CVE-2025-48171 is a WordPress Cena Store vulnerability (versions

CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through = 1.7.4...

CVE-2025-48302 WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Roxnor FundEngine allows PHP Local File Inclusion. This issue affects FundEngine: from n/a through 1.7.4...

CVE-2025-48298 WordPress SEOPress for MainWP <= 1.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue affects SEOPress for MainWP: from n/a through = 1.4...

CVE-2025-48298

CVE-2025-48298 is an unauthenticated Local File Inclusion in WordPress SEOPress for MainWP

CVE-2025-53198

Houzez WordPress theme

CVE-2025-53198 WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez allows PHP Local File Inclusion. This issue affects Houzez: from n/a through 4.0.4...

CVE-2025-53198 WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through = 4.0.4...

CVE-2025-53204 WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through = 1.9.2...

CVE-2025-53207 WordPress WP Travel Gutenberg Blocks plugin <= 3.9.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows PHP Local File Inclusion.This issue affects WP Travel Gutenberg Blocks: from n/a through = 3.9.0...

CVE-2025-53210

The CVE-2025-53210 entry concerns bdthemes ZoloBlocks

CVE-2025-53567

CVE-2025-53567 describes an unauthenticated Local File Inclusion in WordPress Ghost Kit (PHP) due to improper filename handling in Include/Require statements, affecting Ghost Kit versions up to 3.4.1. Reported CVSS v3.1 base score 8.1 (HIGH) with NETWORK attack vector, HIGH impact on confidential...

CVE-2025-54028 WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affects CF7 WOW Styler: from n/a through = 1.7.2...

CVE-2025-54028 WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Saleswonder Team Tobias CF7 WOW Styler allows PHP Local File Inclusion. This issue affects CF7 WOW Styler: from n/a through 1.7.2...

CVE-2025-54031

CVE-2025-54031 is a PHP Local File Inclusion in WordPress Support Board, caused by improper control of filename for include/require statements. Affected: Support Board versions through 3.8.0. Impact: PHP LFI leading to access to local files; CVSS metrics indicate HIGH severity. Remediation: a fix...

CVE-2025-54034 WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10...

WordPress plugin ZoloBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...