1983 matches found
CVE-2025-2294
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
CVE-2025-2294 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
WordPress Kubio AI Page Builder 2.5.1 Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to a local file inclusion vulnerability in all versions up to, and including, 2.5.1 via the kubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...
CMS Made Simple 2.2.21 Remote Code Execution
CMS Made Simple versions 2.2.21 and below allow an authenticated administrator to upload files with the .phar or .phtml extensions, enabling execution of PHP code leading to remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2024-13790
CVE-2024-13790 affects the MinimogWP theme for WordPress (versions
VulnCheck KEV: CVE-2024-3806
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'portoajaxposts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...
CVE-2025-1771
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
CVE-2025-1771 Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
CVE-2024-13913 InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.83 - Cross-Site Request Forgery to Local File Inclusion
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.0.83. This is due to missing or incorrect nonce validation in the '/migrate/templates/main.php' file. This makes it possible for...
D Tale 3.15.1 Remote Command Execution
D Tale version 3.15.1 proof of concept remote command execution exploit. Title: D Tale v3.15.1 PHP code execution vulnerability | Author: indoushka |...
CVE-2025-1707 Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta
The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing...
D Tale 3.10.0 Remote Command Execution
D Tale version 3.10.0 proof of concept remote command execution exploit. Title: D Tale v3.10.0 PHP code execution vulnerability | Author: indoushka |...
CVE-2024-12811
CVE-2024-12811 affects the Traveler WordPress theme (versions up to 3.1.8). It describes an authenticated Local File Inclusion via the hotel_alone_slider shortcode's style attribute, enabling an attacker with contributor+ permissions to include arbitrary server files and execute PHP code....
CVE-2024-2297
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the createautosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above...
CVE-2024-13725
The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those...
CVE-2024-13725 Keap Official Opt-in Forms <= 2.0.1 - Unauthenticated Limited Local File Inclusion
The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those...
CVE-2024-10763
The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campresswoocommercegetajaxproducts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
CVE-2024-10763 Campress <= 1.35 - Unauthenticated Local File Inclusion
The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campresswoocommercegetajaxproducts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the executio...
PT-2025-6499
Name of the Vulnerable Software and Affected Versions: Campress theme for WordPress versions up to, and including, 1.35. Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the campress woocommerce get ajax products function, enabling the...