17 matches found
CVE-2025-58890
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...
EUVD-2025-204182
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...
CVE-2025-58890
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...
CVE-2025-58890
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...
CVE-2025-58890 WordPress Playful theme <= 1.19.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...
CVE-2025-58890
CVE-2025-58890 concerns WordPress/AncoraThemes Playful theme versions up to and including 1.19.0, where an improper control of filename for include/require statements enables PHP Local File Inclusion. The advisory documents indicate a PHP Local File Inclusion vulnerability in Playful, affecting v...
CVE-2025-58890 WordPress Playful theme <= 1.19.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...
WordPress plugin Playful 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-52064
Name of the Vulnerable Software and Affected Versions AncoraThemes Playful versions through 1.19.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of local...
WordPress Playful theme <= 1.19.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Playful versions = 1.19.0...
playfulpages.com Cross Site Scripting vulnerability OBB-3926127
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
playful-larissa.gr Improper Access Control vulnerability OBB-3835468
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor
Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus , said it observed the...
Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks
The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the...
Microsoft Seizes 42 Malicious Web Domains Used By Chinese Hackers
Microsoft on Monday announced the seizure of 42 domains used by a China-based cyber espionage group that set its sights on organizations in the U.S. and 28 other countries pursuant to a legal warrant issued by a federal court in the U.S. state of Virginia. The Redmond company attributed the...
Ke3chang APT Linked to Previously Undocumented Backdoor
The Ke3chang cyberespionage group, a.k.a. APT15, Mirage, Playful Dragon or Vixen Panda, has been tied to a backdoor called Okrum that has been used to target diplomatic missions throughout Europe and Latin America. The attribution widens the scope of known Ke3chang activity, an APT believed to be...