2108 matches found
CVE-2025-69074
CVE-2025-69074 describes an Unauthenticated Local File Inclusion (LFI) in the WordPress theme Pearson Specter by AncoraThemes, affecting Pearson Specter versions up to and including 1.11.3. The vulnerability arises from improper filename control for PHP include/require, enabling an attacker to di...
CVE-2025-69074 WordPress Pearson Specter theme <= 1.11.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.This issue affects Pearson Specter: from n/a through = 1.11.3...
CVE-2025-69065 WordPress Snow Mountain theme <= 1.4.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion.This issue affects Snow Mountain: from n/a through = 1.4.3...
CVE-2025-69064 WordPress Pets Land theme <= 1.2.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pets Land petsland allows PHP Local File Inclusion.This issue affects Pets Land: from n/a through = 1.2.8...
CVE-2025-69061 WordPress MoveMe theme <= 1.2.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion.This issue affects MoveMe: from n/a through = 1.2.15...
CVE-2025-69058 WordPress PartyMaker theme <= 1.1.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through = 1.1.15...
CVE-2025-69057 WordPress Eldon theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion.This issue affects Eldon: from n/a through = 1.0...
CVE-2025-69051
CVE-2025-69051 is a confirmed Reflected XSS in ListingPro Reviews (CridioStudio ListingPro Reviews plugin). Affected: ListingPro Reviews versions from n/a up to and including 1.7. Root cause per description: improper neutralization of input during web page generation. Connected sources list Refle...
CVE-2025-69039 WordPress Bailly theme <= 1.3.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through = 1.3.4...
CVE-2025-69004
The CVE-2025-69004 entry relates to XpeedStudio Bajaar (WordPress theme) versions up to and including 2.1.0, with an Improper Filename for Include/Require Statement vulnerability that enables PHP Local File Inclusion. It is listed as a high-severity issue (CVSS 3.1: 8.1, network attack vector, no...
CVE-2025-69004 WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...
CVE-2025-69004
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...
CVE-2025-69005 WordPress Search & Go theme <= 2.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This issue affects Search & Go: from n/a through = 2.8...
CVE-2025-69004 WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...
CVE-2025-68908 WordPress Barberry theme <= 2.9.9.87 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in temash Barberry barberry allows PHP Local File Inclusion.This issue affects Barberry: from n/a through = 2.9.9.87...
CVE-2025-68901 WordPress Anona theme <= 8.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through = 8.0...
CVE-2025-68902 WordPress Anona theme <= 8.0 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through = 8.0...
CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS.This issue affects Craft: from n/a through = 2.3.6...
CVE-2025-67946
CVE-2025-67946 affects the WordPress theme AdForest (AdForest: <= 6.0.11). The issue is described as an improper control of the filename for include/require, leading to a Local File Inclusion (LFI) vulnerability (initial description mentions a PHP Remote File Inclusion context but the observab...
CVE-2025-67946 WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through = 6.0.11...