24 matches found
CVE-2026-28120 WordPress Dr.Patterson theme <= 1.3.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue affects Dr.Patterson: from n/a through = 1.3.2...
CVE-2026-28066 WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Legrand legrand allows PHP Local File Inclusion.This issue affects Legrand: from n/a through = 2.17...
WordPress plugin Beacon 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-69043
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through = 1.1.3...
CVE-2025-53448
CVE-2025-53448 concerns the WordPress Rally theme (axiomthemes Rally) up to version 1.1, which suffers from improper control of filenames in include/require statements, enabling PHP Local File Inclusion. Affected component: WordPress Rally theme; root cause: Local File Inclusion via unsafely cons...
WordPress plugin Strux 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-52104
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wanderic wanderic allows PHP Local File Inclusion.This issue affects Wanderic: from n/a through = 1.0.10...
Pretty Mail by FriendsOfFlarum 安全漏洞
Pretty Mail by FriendsOfFlarum is an open source tool from Friends of Flarum that allows you to make custom html templates for emails. A security vulnerability exists in Pretty Mail by FriendsOfFlarum version 1.1.2, which stems from the presence of a local file inclusion in an email template that...
CVE-2025-39468
CVE-2025-39468 refers to a Local File Inclusion vulnerability in the WordPress Modal Survey plugin (modal-survey) affecting versions up to 2.0.2.0.1. The issue arises from improper control of filenames used in include/require, enabling an attacker to read local files via crafted input. The connec...
WordPress plugin Premmerce Product Search for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Plugin Consulting 安全漏洞
WordPress Consulting plugin is a plugin that provides WordPress website optimization, security auditing, performance enhancement, etc. It is mainly used to help businesses or individual users to solve the technical problems of WordPress websites. WordPress Consulting plugin has a file inclusion...
WordPress plugin Kleo 安全漏洞
WordPress Kleo plugin is a feature-rich portfolio of themes and plugins in the WordPress ecosystem, primarily used to build social networks, member communities and e-commerce platforms. WordPress Kleo plugin suffers from a file inclusion vulnerability that stems from improper file name control,...
PT-2025-43603
Name of the Vulnerable Software and Affected Versions Edge CPT versions through 1.4 Description An improper control of filename for include/require statement exists in Edge CPT, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local files within the application...
PT-2025-43163
Name of the Vulnerable Software and Affected Versions WP Abstracts versions through 2.7.4 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local files...
CVE-2025-48149
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through = 1.2.3...
CVE-2025-32288
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.4...
WordPress plugin Unicamp 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin National Weather Service Alerts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...