2 matches found
CVE-2025-39494
CVE-2025-39494 refers to a Local File Inclusion vulnerability in the WordPress theme Wilmër by Mikado-Themes. The issue arises from improper control of the filename used in PHP include/require, enabling LFI via PHP Remote File Inclusion mechanics. Affected: Wilmër versions prior to 3.4.2. Evidenc...
CVE-2025-67515
CVE-2025-67515 affects Wilmër WordPress Theme (Wilmër) up to v3.4.x; improper control of filenames in PHP includes enables PHP Local File Inclusion (PHP RFI). CVSS 3.1 base score 8.8 (HIGH) with network access, low attack complexity, low privileges required, no user interaction; impact includes c...