CVE-2025-68539

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

CVE-2025-68539

CVE-2025-68539 affects the WordPress theme Fana (thembay) up to version 1.1.35, with an Unauthenticated Local File Inclusion due to improper control of include/require filenames. Public sources (NVD/Red Hat/Patchstack/Wordfence) enumerate Fana

PT-2026-21093

Name of the Vulnerable Software and Affected Versions thembay Fana versions through 1.1.35 Description An issue exists in thembay Fana related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion. This allows for potential unauthorized access or...

WordPress plugin Fana 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Fana versions = 1.1.35...

WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability

Software : Fana Type : Theme Vulnerable versions : = 1.1.35 Fixed in : 1.1.36 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68540 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : 1370613da8d7...

CVE-2025-68540

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

EUVD-2025-205187

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through = 1.1.35...

WordPress plugin Popup Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-15979 · Heateor · Heateor Social Login Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Heateor Social Login WordPress plugin versions up to, and including, 1.1.35 Description: The Heateor Social Login WordPress plugin has an authentication bypass issue due to insufficient verification on the user being returned by the social...

WordPress Magical Addons For Elementor Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS)

Software Magical Addons For Elementor Type Plugin Vulnerable versions = 1.1.34 Fixed in 1.1.35 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34547 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74ccb66566e9 Credits Khalid Yusuf Required...

WordPress plugin WPZOOM Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WPZOOM Addons for Elementor plugin <= 1.1.35 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin WPZOOM Addons for Elementor versions = 1.1.35...

libxslt: Multiple Vulnerabilities

Background libxslt is the XSLT C library developed for the GNOME project. XSLT itself is an XML language to define transformations for XML. Description Multiple vulnerabilities have been discovered in libxslt. Please review the CVE identifiers referenced below for details. Impact Please review th...

CVE-2023-22716

Auth. admin+ Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin = 1.1.35 versions...

WordPress Plugin OOPSpam Anti-Spam 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...