CVE-2026-22389

CVE-2026-22389 describes an unauthorized Local File Inclusion (LFI) vulnerability in the WordPress theme Mikado-Themes Cocco cocco (versions up to and including 1.5.1). The issue arises from improper control of filenames used in PHP include/require statements, effectively enabling an attacker to ...

CVE-2026-22389 WordPress Cocco theme <= 2.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through = 2.0...

CVE-2026-22385 WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through = 1.9.6...

CVE-2026-22387 WordPress Aviana theme <= 2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects Aviana: from n/a through = 2.1...

CVE-2026-22385

CVE-2026-22385 is a Local File Inclusion (LFI) flaw in the WordPress Wolmart theme. Data from multiple sources confirms an Improper Control of Filename for Include/Require Statement in PHP, enabling LFI via Wolmart

PT-2026-23311

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX EmojiNation emojination allows PHP Local File Inclusion.This issue affects EmojiNation: from n/a through = 1.0.12...

PT-2026-23381

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Muzicon muzicon allows PHP Local File Inclusion.This issue affects Muzicon: from n/a through = 1.9.0...

PT-2026-23183

Name of the Vulnerable Software and Affected Versions Elated-Themes Helvig versions through 1.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2026-23306

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Helion helion allows PHP Local File Inclusion.This issue affects Helion: from n/a through = 1.1.12...

PT-2026-23218

Name of the Vulnerable Software and Affected Versions fuelthemes versions prior to 1.6.11 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as PHP Remote File Inclusion. This allows for PHP Local File Inclusion. The vulnerable...

PT-2026-23310

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX MoneyFlow moneyflow allows PHP Local File Inclusion.This issue affects MoneyFlow: from n/a through = 1.0...

PT-2026-23336

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion.This issue affects MCKinney's Politics: from n/a through = 1.2.8...

PT-2026-23327

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

PT-2026-23312

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...

PT-2026-23191

Name of the Vulnerable Software and Affected Versions Select-Themes Prowess versions through 1.8.1 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. The affect...

WordPress plugin MCKinneys Politics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-23156

Name of the Vulnerable Software and Affected Versions Mikado-Themes Fleur versions through 2.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

PT-2026-23341

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Tiger Claw tiger-claw allows PHP Local File Inclusion.This issue affects Tiger Claw: from n/a through = 1.1.14...

WordPress plugin Legrand 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-23190

Name of the Vulnerable Software and Affected Versions ThemeREX Alliance alliance versions through 3.1.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the...