647 matches found
CVE-2025-47653 WordPress WP-Recall <= 16.26.14 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14...
CVE-2025-47508
The CVE refers to CVE-2025-47508 affecting WordPress GamiPress plugin versions up to 7.3.7. It is an improper control of filenames for include/require statements (PHP Local File Inclusion that can escalate to PHP Local File Inclusion). Affected product: GamiPress plugin for WordPress (
CVE-2025-47498 WordPress Hotel Booking plugin <= 3.6 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue affects Hotel Booking: from n/a through = 3.6...
PT-2025-20119 · Eventon · Eventon
Name of the Vulnerable Software and Affected Versions: EventON versions n/a through 2.4.1 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a...
PT-2025-20132 · Gamipress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 7.3.7 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. This allows PHP Local File...
PT-2025-20207 · WordPress · Wp-Recall
Name of the Vulnerable Software and Affected Versions: WP-Recall versions through 16.26.14 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion in...
PT-2025-20077 · Unknown · Download Monitor
Name of the Vulnerable Software and Affected Versions: Download Monitor versions through 5.0.22 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...
CVE-2025-3975
A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been...
CVE-2025-39359
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in codeworkweb CWW Portfolio cww-portfolio allows PHP Local File Inclusion.This issue affects CWW Portfolio: from n/a through = 1.3.1...
CVE-2025-39391
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in zamartz Checkout Field Visibility for WooCommerce checkout-field-visibility-for-woocommerce allows PHP Local File Inclusion.This issue affects Checkout Field Visibility for...
CVE-2025-39462
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This issue affects Smart Agreements: from n/a through = 1.0.3...
CVE-2025-39452
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WPCafe: from n/a through = 2.2.32...
CVE-2025-39378
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows PHP Local File...
CVE-2025-39383
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in codeworkweb Xews Lite xews-lite allows PHP Local File Inclusion.This issue affects Xews Lite: from n/a through = 1.0.9...
CVE-2025-39359
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in codeworkweb CWW Portfolio cww-portfolio allows PHP Local File Inclusion.This issue affects CWW Portfolio: from n/a through = 1.3.1...
CVE-2025-32921 WordPress Arrival theme <= 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPoperation Arrival allows PHP Local File Inclusion. This issue affects Arrival: from n/a through 1.4.5...
CVE-2025-39378
CVE-2025-39378 is a Local File Inclusion vulnerability in the WordPress plugin Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (versions through 2.4.37). The issue arises from improper control of filenames used in PHP Include/Require statements, enabling PHP Local File Inclusi...
CVE-2025-39384
CVE-2025-39384 affects WordPress plugin Product Lister for eBay (
CVE-2025-39387
CVE-2025-39387 covers a Local File Inclusion in the WordPress theme Opstore (Opstore theme). Affected product: Opstore theme, versions n/a through 1.4.5. Root cause: improper control of filename for include/require in PHP, enabling local file inclusion. Public details from CVE descriptions and Pa...
PT-2025-17755 · Unknown · License For Envato
Name of the Vulnerable Software and Affected Versions: License For Envato versions 1.0.0 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' or 'PHP Local File Inclusion'. This...