Lucene search
K

20384 matches found

CVE
CVE
added 2 hours ago9 views

CVE-2026-5137

The RTMKit (rometheme-for-elementor) WordPress plugin is affected by a Local File Inclusion in versions up to 2.0.7 due to insufficient path validation on the template parameter in the render_templates AJAX endpoint, which is used directly in a require/include statement without sanitization. Auth...

4.3CVSS6.2AI score
Exploits0References5
Nuclei
Nuclei
added 9 hours ago18 views

Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion

Media Library Assistant plugin for WordPress before 2.82 contains a local file inclusion caused by unsanitized mlagallery link parameter, letting attackers include arbitrary local files, exploit requires access to the vulnerable link. id: CVE-2020-11732 info: name: Media Library Assistant 2.82 -...

7.5CVSS7.2AI score0.04917EPSS
Exploits4References1
Nuclei
Nuclei
added 9 hours ago7 views

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion

The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data. id: CVE-2023-5815...

9.8CVSS7.9AI score0.04262EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago42 views

Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...

9.8CVSS7.8AI score0.04841EPSS
Exploits3References4
Nuclei
Nuclei
added 9 hours ago19 views

Intelbras TIP 200/200 LITE/300 - Local File Inclusion

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 are vulnerable to local file inclusion via the 'page' parameter in /cgi-bin/cgiServer.exx, allowing unauthenticated attackers to read arbitrary files such as /etc/passwd. id: CVE-2020-13886 info: name: Intelbras TIP...

5.3CVSS6.9AI score0.04344EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago11 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS6AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago13 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

7.5CVSS7.1AI score0.05028EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago10 views

System Dashboard < 2.8.15 - Admin+ Path Traversal

The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server id: CVE-2024-10708 info: name: System Dashboard 2.8.15 - Admin+ Path...

4.9CVSS7.3AI score0.01974EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago11 views

Mockoon < 9.2.0 - Path Traversal

Mockoon before 9.2.0 contains a path traversal and local file inclusion caused by unsafe templating of server filenames from user input, letting attackers read arbitrary files on the mock server filesystem, exploit requires crafted request. id: CVE-2025-59049 info: name: Mockoon 9.2.0 - Path...

7.5CVSS7.3AI score0.0166EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago13 views

Moodle Jmol Filter 6.1 - Local File Inclusion

Moodle Jmol Filter 6.1 is vulnerable to local file inclusion through the jsmol.php file, allowing attackers to read arbitrary files on the server. id: CVE-2025-34031 info: name: Moodle Jmol Filter 6.1 - Local File Inclusion author: madrobot severity: high description: | Moodle Jmol Filter 6.1 is...

8.7CVSS7.3AI score0.02963EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago26 views

Ads Pro Plugin <= 4.89 - Local File Inclusion

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsatemplate' parameter of the bsapreviewcallback function. This makes it possible for unauthenticated attackers to includ...

9.8CVSS6.6AI score0.28162EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago7 views

Karel IP Phone IP1211 Web Management Panel - Local File Inclusion

Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. id: CVE-2025-34023 info: name: Karel IP Phone IP1211 Web Management Pane...

8.5CVSS6.1AI score0.01409EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago8 views

Oliver 5 Library Server <8.00.008.053 - Local File Inclusion

Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function. id: CVE-2021-45027 info: name: Oliver 5 Library Server 8.00.008.053 - Local File Inclusion author: gy741 severity: high description: Oliver 5 Library Server versions prior t...

7.5CVSS7AI score0.01642EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago9 views

WordPress Popup Builder < 4.0.7 - Remote Code Execution

Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by unsanitized 'sgpbtype' parameter in require statement, letting attackers include arbitrary local files or execute code via wrappers like PHAR, exploit requires attacker to control 'sgpbtype' parameter. id:...

8.8CVSS7.4AI score0.05365EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago60 views

InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion

The InstaWP Connect - 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files ...

8.1CVSS7.7AI score0.10305EPSS
Exploits0References3
Nuclei
Nuclei
added 9 hours ago127 views

Kubio AI Page Builder <= 2.5.1 - Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8CVSS7.9AI score0.76761EPSS
Exploits12References3
Nuclei
Nuclei
added 9 hours ago5 views

EventON Lite <= 2.4 - Authenticated Local File Inclusion

Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...

8.8CVSS7.2AI score0.01833EPSS
Exploits0References1
Nuclei
Nuclei
added 9 hours ago6 views

WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion

Campress theme for WordPress up to 1.35 contains a local file inclusion caused by 'campresswoocommercegetajaxproducts' function, letting unauthenticated attackers include and execute arbitrary PHP files, exploit requires no authentication. id: CVE-2024-10763 info: name: WordPress Campress Theme =...

9.8CVSS7.5AI score0.03529EPSS
Exploits0References1
Nuclei
Nuclei
added 9 hours ago12 views

Polyaxon - Unauthenticated Directory Traversal

Polyaxon latest version contains a path traversal caused by insufficient validation in directory access, letting unauthenticated attackers retrieve directory information and file contents, exploit requires no authentication. id: CVE-2024-9362 info: name: Polyaxon - Unauthenticated Directory...

7.5CVSS7AI score0.04245EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago29 views

esm.sh <= v136 - Local File Inclusion

esm.sh = 136 contains a local file inclusion caused by improper URL handling, letting attackers read arbitrary files from the host filesystem remotely, exploit requires crafted request. id: CVE-2025-59341 info: name: esm.sh = v136 - Local File Inclusion author: 0xAkoko severity: high description:...

8.7CVSS7.3AI score0.01527EPSS
Exploits0References3
Rows per page
Query Builder