Total
524 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14475 | 2 Nenad-obradovic, Wordpress | 2 Extensive Vc Addons For Wpbakery Page Builder, Wordpress | 2025-12-14 | 8.1 High |
| The Extensive VC Addons for WPBakery page builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.1 via the `extensive_vc_get_module_template_part` function. This is due to insufficient path normalization and validation of the user-supplied `shortcode_name` parameter in the `extensive_vc_init_shortcode_pagination` AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files via the `shortcode_name` parameter. | ||||
| CVE-2024-58302 | 1 Flarum | 1 Pretty Mail | 2025-12-12 | N/A |
| FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email generation. | ||||
| CVE-2025-13886 | 1 Wordpress | 1 Wordpress | 2025-12-12 | 7.5 High |
| The LT Unleashed plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'template' parameter in the `book` shortcode due to insufficient path sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files such as wp-config.php can be included. | ||||
| CVE-2025-63738 | 2 Rockoa, Xinhu | 2 Rockoa, Rockoa | 2025-12-12 | 4.3 Medium |
| An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php. | ||||
| CVE-2025-60574 | 2 Tquadra, Webair | 2 Tquadra Cms, Tquadra Cms | 2025-12-11 | 7.5 High |
| A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system. | ||||
| CVE-2025-67526 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion.This issue affects Sailing: from n/a through < 4.4.6. | ||||
| CVE-2025-67532 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17. | ||||
| CVE-2025-67531 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Turitor turitor allows PHP Local File Inclusion.This issue affects Turitor: from n/a through < 1.5.3. | ||||
| CVE-2025-67530 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15. | ||||
| CVE-2025-67529 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through < 5.3.0. | ||||
| CVE-2025-67527 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue affects Digiqole: from n/a through < 2.2.7. | ||||
| CVE-2025-67525 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP ekommart ekommart allows PHP Local File Inclusion.This issue affects ekommart: from n/a through < 4.3.1. | ||||
| CVE-2025-67524 | 3 Elementor, Nootheme, Wordpress | 3 Elementor, Jobmonster, Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster Elementor Addon jobmonster-addon allows PHP Local File Inclusion.This issue affects Jobmonster Elementor Addon: from n/a through <= 1.1.4. | ||||
| CVE-2025-67523 | 1 Wordpress | 1 Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue affects Exhibz: from n/a through <= 3.0.9. | ||||
| CVE-2025-67522 | 2 Nootheme, Wordpress | 2 Jobmonster, Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through <= 4.8.2. | ||||
| CVE-2025-67521 | 2 Select-themes, Wordpress | 2 Select Core, Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Select Core select-core allows PHP Local File Inclusion.This issue affects Select Core: from n/a through < 2.6. | ||||
| CVE-2025-67515 | 2 Mikado-themes, Wordpress | 2 Wilmer, Wordpress | 2025-12-11 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5. | ||||
| CVE-2025-63003 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North - Required Plugin north-plugin allows PHP Local File Inclusion.This issue affects North - Required Plugin: from n/a through <= 1.4.2. | ||||
| CVE-2025-63036 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows PHP Local File Inclusion.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68. | ||||
| CVE-2025-67528 | 1 Wordpress | 1 Wordpress | 2025-12-10 | 5.1 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12. | ||||