Patreon WordPress <1.7.0 - Unauthenticated Local File Inclusion

Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the...

CVE-2025-2558

CVE-2025-2558 describes an unauthenticated Local File Inclusion (LFI) in the WordPress theme The Wound (versions

CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities KEV catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 CVSS score: 9.8, is a path travers...

CVE-2024-6459 News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

Exploit for Unrestricted Upload of File with Dangerous Type in Thimpress Learnpress

CVE-2022-47615 LearnPress Plugin 4.2.0 - Unauthenticated...

CVE-2022-0320 Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI

The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to perform Local File Inclusion attack and read arbitrary files on the server, this could also lead ...