CVE-2025-49070 WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi allows PHP Local File Inclusion. This issue affects Elessi: from n/a through n/a...

CVE-2025-49070 WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through 6.4.1...

CVE-2025-49873

CVE-2025-49873 refers to a Cross-Site Scripting flaw in WordPress Theme Elessi (versions n/a through 6.3.9). The root cause is improper neutralization of input during web page generation, enabling reflected XSS. Patch data indicates the issue is fixed in version 6.4.1 of Elessi (update to at leas...