CVE-2025-22707

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through = 2.7.3...

CVE-2025-67935

CVE-2025-67935 relates to the Mikado-Themes Optimize/optimizewp WordPress theme. The issue is Local File Inclusion via Improper Control of Filename for Include/Require in PHP, enabling an attacker to include local PHP files. Affected: Optimize theme versions before 2.4. Impact is consistent with ...

CVE-2025-67936 WordPress Curly theme < 3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through 3.3...

CVE-2025-67935 WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through 2.4...

CVE-2025-14430

CVE-2025-14430 affects the Brook WordPress theme (ThemeMove Brook) and is due to Improper Control of Filename for Include/Require Statement in PHP (PHP Local File Inclusion). The description indicates Brook

CVE-2025-14431 WordPress Navian theme <= 1.5.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through = 1.5.4...

CVE-2025-22707 WordPress Moody theme <= 2.7.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through = 2.7.3...

PT-2026-1912

Name of the Vulnerable Software and Affected Versions Mikado-Themes Hendon versions prior to 1.7 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files. The...

PT-2026-2197

Name of the Vulnerable Software and Affected Versions Handmade Framework versions through 3.9 Description The software contains a flaw related to improper control of filenames used in include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local...

PT-2026-1910

Name of the Vulnerable Software and Affected Versions Mikado-Themes Optimize versions prior to 2.4 Description The software contains an Improper Control of Filename for Include/Require Statement issue, also known as a PHP Local File Inclusion. This allows for the inclusion of local files,...

CVE-2025-69080

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in JanStudio Gecko gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through = 1.9.8...

CVE-2025-69080

CVE-2025-69080 affects JanStudio Gecko (Gecko theme) up to v1.9.8. Describes Improper Control of Filename for Include/Require leading to PHP Local File Inclusion; Red Hat lists Gecko

WordPress plugin Hope 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-32304 WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0...

CVE-2025-69356

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

CVE-2025-69083

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Frappé frappe allows PHP Local File Inclusion.This issue affects Frappé: from n/a through = 1.8...

CVE-2025-69342

CVE-2025-69342 affects the Calafate WordPress Theme (Calafate – Portfolio & WooCommerce Creative WordPress Theme) up to version 1.7.7. Wordfence reports an Authenticated Local File Inclusion vulnerability via an include/require path in the theme, i.e., a user with Contributor+ privileges could ca...

PT-2026-1496

Name of the Vulnerable Software and Affected Versions Elated-Themes Frappé versions through 1.8 Description An improper control of filename for include/require statement exists in Elated-Themes Frappé, allowing for PHP Local File Inclusion. The issue involves the potential for an attacker to...

CVE-2025-69087

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes FreeAgent freeagent allows PHP Local File Inclusion.This issue affects FreeAgent: from n/a through = 2.1.2...

CVE-2025-62753

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in MadrasThemes MAS Videos masvideos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through = 1.3.4...