CVE-2026-22439 WordPress Green Planet theme <= 1.1.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion.This issue affects Green Planet: from n/a through = 1.1.14...

CVE-2026-22442

CVE-2026-22442 is a Local File Inclusion vulnerability in the WordPress Tribe theme (LaunchandSell Tribe) affecting versions up to 1.7.3. The issue is caused by improper handling of filename resolution in include/require statements, enabling an attacker to potentially include local files via PHP....

CVE-2026-22437 WordPress Playa theme <= 1.3.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playa playa allows PHP Local File Inclusion.This issue affects Playa: from n/a through = 1.3.9...

CVE-2026-22436

CVE-2026-22436 describes an unauthenticated Local File Inclusion in the WordPress theme Helvig by Elated-Themes, affecting Helvig versions up to 1.0. The flaw arises from improper control of the filename used in PHP include/require statements (PHP Local File Inclusion). Public sources identify th...

CVE-2026-22431 WordPress Wabi-Sabi theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wabi-Sabi wabi-sabi allows PHP Local File Inclusion.This issue affects Wabi-Sabi: from n/a through = 1.2...

CVE-2026-22421 WordPress Quantum theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Quantum quantum allows PHP Local File Inclusion.This issue affects Quantum: from n/a through = 1.0...

CVE-2026-22419

CVE-2026-22419 – Local File Inclusion in AncoraThemes Honor WordPress theme (vulnerable

CVE-2026-22410

CVE-2026-22410 concerns Mikado-Themes Dolcino (WordPress Dolcino theme) with a Local File Inclusion due to Improper Control of Filename for Include/Require Statement. Affected: Dolcino versions through 1.6. Root cause: PHP Include/Require filename handling allows LFI. Impact: high severity potent...

CVE-2026-22397 WordPress Fleur theme <= 2.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Fleur fleur allows PHP Local File Inclusion.This issue affects Fleur: from n/a through = 2.2.1...

CVE-2026-22399 WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through = 1.7...

CVE-2026-22389

CVE-2026-22389 describes an unauthorized Local File Inclusion (LFI) vulnerability in the WordPress theme Mikado-Themes Cocco cocco (versions up to and including 1.5.1). The issue arises from improper control of filenames used in PHP include/require statements, effectively enabling an attacker to ...

CVE-2026-22389 WordPress Cocco theme <= 2.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through = 2.0...

CVE-2026-22385

CVE-2026-22385 is a Local File Inclusion (LFI) flaw in the WordPress Wolmart theme. Data from multiple sources confirms an Improper Control of Filename for Include/Require Statement in PHP, enabling LFI via Wolmart

CVE-2026-27971

Qwik is a performance focused javascript framework. qwik =1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where...

PT-2026-23336

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion.This issue affects MCKinney's Politics: from n/a through = 1.2.8...

PT-2026-23327

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from n/a through = 1.4.16...

PT-2026-23312

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Bonbon bonbon allows PHP Local File Inclusion.This issue affects Bonbon: from n/a through = 1.6...

PT-2026-23191

Name of the Vulnerable Software and Affected Versions Select-Themes Prowess versions through 1.8.1 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Remote File Inclusion. This allows for PHP Local File Inclusion. The affect...

PT-2026-23210

Name of the Vulnerable Software and Affected Versions Elated-Themes FindAll versions through 1.4 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File Inclusio...

PT-2026-23168

Name of the Vulnerable Software and Affected Versions AncoraThemes Great Lotus versions through 1.3.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...