CVE-2025-69406

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through = 1.1.7...

CVE-2025-69407

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

CVE-2025-69408

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirst: from n/a through = 1.0.1...

CVE-2025-69402

CVE-2025-69402 : Local File Inclusion in the WordPress Theme R&F rf (ThemeREX) via Improper Control of Filename for Include/Require. Affected: ThemeREX R&F rf versions up to and including 1.5. Exploitation context not provided in the sources. Remediation per the connected docs: update ThemeREX R&...

CVE-2025-69396 WordPress Splendour theme <= 1.23 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Splendour splendour allows PHP Local File Inclusion.This issue affects Splendour: from n/a through = 1.23...

CVE-2025-69399

CVE-2025-69399 describes an Unauthenticated Local File Inclusion in the WordPress Cobble theme (ThemeREX Cobble) up to version 1.7. The issue arises from an improper control of the filename in include/require statements, enabling local file inclusion. Documented impact per sources indicates poten...

CVE-2025-69398

CVE-2025-69398 describes a Local File Inclusion in the WordPress Theme Plank (ThemeREX Plank) up to version 1.7, caused by improper control of the filename used in Include/Require statements. The Red Hat/PatchStack entries corroborate that Plank

CVE-2025-69397

CVE-2025-69397 affects the WordPress Tint theme by ThemeREX. It is a PHP Local File Inclusion caused by improper Control of Filename for Include/Require, impacting Tint versions through 1.7. CVSS 3.1 base 8.1 (HIGH). Affected: Tint

CVE-2025-68841

CVE-2025-68841 refers to the TopperPack – Complete Elementor Addons, Theme & CPT Builder plugin (

CVE-2025-67981 WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through = 2.3.15...

CVE-2025-67982 WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through = 2.5.12...

CVE-2026-25242

Gogs is an open source self-hosted Git service. Versions 0.13.4 and below expose unauthenticated file upload endpoints by default. When the global RequireSigninView setting is disabled default, any remote user can upload arbitrary files to the server via /releases/attachments and...

PT-2026-21168

Name of the Vulnerable Software and Affected Versions whatwouldjessedo Simple Retail Menus versions through 4.2.1 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP...

PT-2026-21093

Name of the Vulnerable Software and Affected Versions thembay Fana versions through 1.1.35 Description An issue exists in thembay Fana related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion. This allows for potential unauthorized access or...

PT-2026-21211

Name of the Vulnerable Software and Affected Versions axiomthemes Redy versions through 1.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local File Inclusion. The issue is identified as a PHP Remote...

PT-2026-21223

Name of the Vulnerable Software and Affected Versions AncoraThemes UnlimHost versions through 1.2.3 Description The software contains a flaw related to improper control of filenames used in include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...

PT-2026-21210

Name of the Vulnerable Software and Affected Versions AncoraThemes Coworking versions through 1.6.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, potentially leading to PHP Local File Inclusion. The issue allows for the...

PT-2026-21224

Name of the Vulnerable Software and Affected Versions Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme versions through 1.3 Description The software contains a flaw related to improper control of filenames used in include/require statements, specifically a PHP Local File Inclusi...

PT-2026-21213

Name of the Vulnerable Software and Affected Versions axiomthemes Marveland versions through 1.3.0 Description The software contains an Improper Control of Filename for Include/Require Statement issue, specifically a PHP Local File Inclusion. This allows for the inclusion of local files...

PT-2026-21212

Name of the Vulnerable Software and Affected Versions AncoraThemes Ironfit versions through 1.5 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion of...