CVE-2026-39613 WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

CVE-2026-27079

CVE-2026-27079 corresponds to a Local File Inclusion vulnerability in WordPress Amfissa (Mikado-Themes) theme, described as Improper Control of Filename for Include/Require in PHP (PHP Remote File Inclusion). Affected software: Mikado-Themes Amfissa amfissa, versions n/a through 1.1. Root cause: ...

CVE-2026-22504 WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...

CVE-2026-22504 WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...

CVE-2026-32369 WordPress Medilink-Core plugin < 2.0.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Medilink-Core medilink-core allows PHP Local File Inclusion.This issue affects Medilink-Core: from n/a through 2.0.7...

CVE-2026-28030 WordPress Bonbon theme <= 1.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...

CVE-2026-28019 WordPress Manoir theme <= 1.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through = 1.11...

CVE-2026-22428 WordPress Tooth Fairy theme <= 1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion.This issue affects Tooth Fairy: from n/a through = 1.16...

CVE-2019-11344

data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute arbitrary code by uploading a .htaccess file that specifies SetHandler x-httpd-php for a .txt file, because only certain PHP-related filename extensions are blocked...

CVE-2025-67920

CVE-2025-67920 concerns an unauthenticated Local File Inclusion in the WordPress theme Neo Ocular (Elated-Themes) via improper filename handling in PHP includes. Affected: Neo Ocular

CVE-2025-22708

CVE-2025-22708 is an Unauthenticated Local File Inclusion in the Mitech WordPress Theme (versions up to and including 2.3.4). The issue arises from improper control of the filename used by PHP include/require statements, enabling a remote attacker to influence included files. The public details s...

CVE-2025-14429 WordPress AeroLand theme <= 1.6.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through = 1.6.6...

CVE-2025-69086 WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes Issabella issabella allows PHP Local File Inclusion.This issue affects Issabella: from n/a through = 1.1.2...

CVE-2025-60050 WordPress Panda theme <= 1.21 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Panda panda allows PHP Local File Inclusion.This issue affects Panda: from n/a through = 1.21...

CVE-2025-60047 WordPress IPharm theme <= 1.2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes IPharm ipharm allows PHP Local File Inclusion.This issue affects IPharm: from n/a through = 1.2.3...

CVE-2025-53445

The CVE-2025-53445 entry concerns the WordPress Catwalk (axiomthemes Catwalk) plugin/theme with versions up to and including 1.4, describing an improper control of filenames for include/require statements that enables PHP Local File Inclusion. Affected component: Catwalk’s include/require handlin...

CVE-2025-68068 WordPress Stockholm theme <= 9.14.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through = 9.14.1...

CVE-2025-68061 WordPress EduMall theme <= 4.4.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through = 4.4.7...

CVE-2025-67515 WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through 3.5...

CVE-2025-60203 WordPress Store Exporter plugin <= 2.7.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter allows PHP Local File Inclusion.This issue affects Store Exporter: from n/a through = 2.7.6...