CVE-2025-23937

CVE-2025-23937 is a Local File Inclusion (LFI) vulnerability in the WordPress plugin LinkedIn Lite (versions

CVE-2025-30091

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-controlled data to InstallCommand can be inserted into config.php, and InstallCommand is available...

CVE-2025-2473 PHPGurukul Company Visitor Management System Sign In index.php sql injection

A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Sign In. The manipulation of the argument username leads to sql injection. The attack may be...

CVE-2025-26933

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue affects WC Place Order Without Payment: from n/a through =...

CVE-2025-2041

A vulnerability, which was classified as critical, has been found in s-a-zhd Ecommerce-Website-using-PHP 1.0. Affected by this issue is some unknown functionality of the file /shop.php. The manipulation of the argument pcat leads to sql injection. The attack may be launched remotely. The exploit...

CVE-2025-27264

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through = 1.0.0...

Linux Distros Unpatched Vulnerability : CVE-2015-8866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in...

CVE-2025-27264

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creativeitem Doctor Appointment Booking doctor-appointment-booking allows PHP Local File Inclusion.This issue affects Doctor Appointment Booking: from n/a through = 1.0.0...

CVE-2025-23945

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Webliup Popliup popliup allows PHP Local File Inclusion.This issue affects Popliup: from n/a through = 1.1.1...

CVE-2025-27264

CVE-2025-27264 corresponds to a WordPress plugin issue in NotFound Doctor Appointment Booking (WordPress Doctor Appointment Booking) that enables Local File Inclusion via PHP Include/Require. The CVE entry cites affected versions from n/a through 1.0.0. CIRCL and Red Hat CVE references further sp...

CVE-2025-25109

CVE-2025-25109 affects WP Vehicle Manager

CVE-2025-25109 WordPress Vehicle Manager plugin <= 3.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JoomSky WP Vehicle Manager js-vehicle-manager allows PHP Local File Inclusion.This issue affects WP Vehicle Manager: from n/a through = 3.1...

CVE-2025-23945

CVE-2025-23945 affects the WordPress Popliup plugin up to version 1.1.1. The issue is an improper control of filename for include/require in a PHP program, enabling local file inclusion (LFI) through PHP Remote File Inclusion mechanics. The vulnerability stems from the plugin’s handling of includ...

CVE-2025-26964

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through = 4.0.20...

CVE-2025-26985

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a through = 1.0.6...

CVE-2025-26979

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by FunnelKit: from n/a through = 3.9.0...

CVE-2025-26957

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Deetronix Affiliate Coupons affiliate-coupons allows PHP Local File Inclusion.This issue affects Affiliate Coupons: from n/a through = 1.7.3...

CVE-2025-26964

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through = 4.0.20...

CVE-2025-26957

CVE-2025-26957 affects the WordPress plugin Affiliate Coupons (Affiliate Coupons – The #1 Coupon Display Plugin for Affiliate Marketers). Connected data confirms an Authenticated (Contributor+) Local File Inclusion vulnerability in Affiliate Coupons

CVE-2025-26957 WordPress Affiliate Coupons plugin <= 1.7.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Deetronix Affiliate Coupons affiliate-coupons allows PHP Local File Inclusion.This issue affects Affiliate Coupons: from n/a through = 1.7.3...