CVE-2025-48149 WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through = 1.2.3...

CVE-2025-48149

CVE-2025-48149 affects the WordPress Cook&Meal theme (versions

CVE-2025-48149 WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through = 1.2.3...

CVE-2025-48157 WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through = 1.5.9...

CVE-2025-48157 WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through 1.5.9...

CVE-2025-48171 WordPress Cena Store <= 2.11.26 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through = 2.11.26...

CVE-2025-48171

CVE-2025-48171 is a WordPress Cena Store vulnerability (versions

CVE-2025-48298 WordPress SEOPress for MainWP <= 1.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue affects SEOPress for MainWP: from n/a through = 1.4...

CVE-2025-48298

CVE-2025-48298 is an unauthenticated Local File Inclusion in WordPress SEOPress for MainWP

CVE-2025-53198

Houzez WordPress theme

CVE-2025-53198 WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through = 4.0.4...

CVE-2025-53207 WordPress WP Travel Gutenberg Blocks plugin <= 3.9.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows PHP Local File Inclusion.This issue affects WP Travel Gutenberg Blocks: from n/a through = 3.9.0...

CVE-2025-53210

The CVE-2025-53210 entry concerns bdthemes ZoloBlocks

CVE-2025-53567

CVE-2025-53567 describes an unauthenticated Local File Inclusion in WordPress Ghost Kit (PHP) due to improper filename handling in Include/Require statements, affecting Ghost Kit versions up to 3.4.1. Reported CVSS v3.1 base score 8.1 (HIGH) with NETWORK attack vector, HIGH impact on confidential...

CVE-2025-54031

CVE-2025-54031 is a PHP Local File Inclusion in WordPress Support Board, caused by improper control of filename for include/require statements. Affected: Support Board versions through 3.8.0. Impact: PHP LFI leading to access to local files; CVSS metrics indicate HIGH severity. Remediation: a fix...

CVE-2025-54034 WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10...

PT-2025-33931 · Roxnor · Roxnor Fundengine

Name of the Vulnerable Software and Affected Versions: Roxnor FundEngine versions through 1.7.4 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusion...

WordPress plugin ZoloBlocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-33974 · WordPress · Zoloblocks

Name of the Vulnerable Software and Affected Versions: bdthemes ZoloBlocks versions through 2.3.2 Description: An improper control of filename for include/require statement exists in bdthemes ZoloBlocks, allowing for PHP Local File Inclusion. This issue is related to a PHP Remote File Inclusion...

WordPress plugin WP Travel Gutenberg Blocks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...