
420 matches found

Cvelist
added 2025/12/12 3:20 a.m., 22 views

CVE-2025-12824 Player Leaderboard 1.0.0 - 1.0.2 - Authenticated (Contributor+) Local File Inclusion

The Player Leaderboard plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0.2 via the 'playerleaderboard' shortcode. This is due to the plugin using an unsanitized user-supplied value from the shortcode's 'mode' attribute in a call to include withou...

CVSS 8.8, EPSS 0.00402
Exploits: 0, References: 3
Positive Technologies
added 2025/12/12 12:0 a.m., 6 views

PT-2025-50808

Name of the Vulnerable Software and Affected Versions Player Leaderboard plugin for WordPress versions up to and including 1.0.2 Description The Player Leaderboard plugin for WordPress is susceptible to Local File Inclusion through the 'player leaderboard' shortcode. The issue stems from the plug...

CVSS 8.8, AI score 7.1, EPSS 0.00402
Exploits: 0, References: 8
OSV
added 2025/12/11 10:15 p.m., 1 views

CVE-2024-58313

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...

CVSS 7.2, AI score 6
Exploits: 0, References: 3
CVE
added 2025/12/11 9:43 p.m., 10 views

CVE-2024-58313

CVE-2024-58313 affects xbtitFM 4.1.18 and describes an insecure file upload in the file_hosting feature. The root cause is a bypass of file-type checks through Content-Type header manipulation (image/gif), GIF89a bytes, and alternate PHP tags, enabling authenticated attackers with administrative ...

CVSS 8.6, AI score 7.3, EPSS 0.00127
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2025/12/04 12:0 a.m., 1 views

PT-2025-49169

Name of the Vulnerable Software and Affected Versions LaraDashboard versions prior to 2.3.0 Description LaraDashboard, an all-in-one solution for starting a Laravel Application, has an issue in the password reset flow where it trusts the Host header. This allows attackers to redirect an...

CVSS 9.8, AI score 7.2, EPSS 0.00102
Exploits: 0, References: 8
Positive Technologies
added 2025/11/18 12:0 a.m., 2 views

PT-2025-47291

Name of the Vulnerable Software and Affected Versions METZ CONNECT EWIO2-M versions prior to 2.2.0 METZ CONNECT Ethernet-IO EWIO2-BM versions prior to 2.2.0 Description An unauthenticated remote attacker can execute arbitrary PHP files and gain full access of the affected devices. This allows...

CVSS 9.8, AI score 7.5, EPSS 0.00122
Exploits: 0, References: 8
CNNVD
added 2025/11/18 12:0 a.m., 1 views

METZ CONNECT Multiple Products Security Vulnerability

METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany. METZ CONNECT Energy-Controlling EWIO2-M is a high performance data logger. METZ CONNECT Energy-Controlling EWIO2-M-BM is a high performance data logger. METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and actuat...

CVSS 9.8, AI score 7.2, EPSS 0.00122
Exploits: 0, References: 1
NVD
added 2025/11/14 6:15 a.m., 1 views

CVE-2025-10686

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

CVSS 7.2, EPSS 0.00097
Exploits: 0, References: 1
RedhatCVE
added 2025/11/06 12:6 p.m., 3 views

CVE-2025-12497

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10 via the 'argsextratemplatepath' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the...

CVSS 8.1, AI score 7.3, EPSS 0.00308
Exploits: 0, References: 1
RedhatCVE
added 2025/11/05 12:1 p.m., 9 views

CVE-2025-12493

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution formerly WooLentor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'loadtemplate' function. This makes it possible for unauthenticated...

CVSS 9.8, AI score 7.3, EPSS 0.00449
Exploits: 0, References: 1
CVE
added 2025/11/04 4:27 a.m., 8 views

CVE-2025-11704

CVE-2025-11704 — Elegance Menu (WordPress) Local File Inclusion is supported by multiple sources (Wordfence, Patchstack, CVE records) to affect the Elegance Menu plugin for WordPress up to version 1.9. The vulnerability enables an authenticated attacker with Contributor-level access or higher to ...

CVSS 7.5, AI score 6.8, EPSS 0.00109
Exploits: 0, References: 4
Positive Technologies
added 2025/11/04 12:0 a.m., 5 views

PT-2025-44993

Name of the Vulnerable Software and Affected Versions ShopLentor versions prior to 3.2.6 Description The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is susceptible to Local File Inclusion in versions up to and including 3.2.5...

CVSS 9.8, AI score 6.1, EPSS 0.00449
Exploits: 0, References: 16
NVD
added 2025/10/15 9:15 a.m., 1 views

CVE-2025-11722

The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS 7.5, EPSS 0.00074
Exploits: 0, References: 3
CVE
added 2025/10/15 8:25 a.m., 10 views

CVE-2025-11722

CVE-2025-11722 affects the WordPress plugin “Woocommerce Category and Products Accordion Panel” (accordion-panel-for-category-and-products). The vulnerability is Local File Inclusion via the categoryaccordionpanel shortcode in all versions up to 1.0, exploitable by authenticated attackers...

CVSS 7.5, AI score 6.7, EPSS 0.00074
Exploits: 0, References: 3
Cvelist
added 2025/10/15 2:26 a.m., 5 views

CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion

The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via the etajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...

CVSS 8.8, EPSS 0.00179
Exploits: 0, References: 2
NVD
added 2025/10/09 6:15 a.m., 2 views

CVE-2025-7634

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on th...

CVSS 9.8, EPSS 0.00635
Exploits: 0, References: 3
Positive Technologies
added 2025/10/09 12:0 a.m., 2 views

PT-2025-41358

Name of the Vulnerable Software and Affected Versions WP Travel Engine – Tour Booking Plugin – Tour Operator Software versions prior to 6.6.8 Description The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is susceptible to a Local File Inclusion issue in...

CVSS 9.8, AI score 6.9, EPSS 0.00635
Exploits: 0, References: 9
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2006-5122

Malware in sbrugna...

CVSS 5.1, AI score 6.4, EPSS 0.03174
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-21090

Malware in sbrugna...

CVSS 7.2, AI score 7, EPSS 0.00451
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-1017

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.03359
Exploits: 0, References: 4