Skip to main content

LFI

1172 CVEs technique

Monthly

CVE-2024-50435 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Meta News meta-news.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-50434 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse NewsCard newscard.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-50497 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
2.1%
CVE-2024-8392 HIGH This Week

The WordPress Post Grid Layouts with Pagination - Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.6 via the 'tab' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI Information Disclosure PHP CSRF WordPress +1
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-49701 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Mags mags.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-49690 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-49243 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP Elementor
NVD VulDB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2024-49317 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
4.6%
CVE-2024-49251 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acnoo Maan Addons For Elementor maan-elementor-addons allows Local Code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
3.9%
CVE-2024-48029 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
3.3%
CVE-2024-9981 HIGH This Week

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP Ee Class
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-47323 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-44023 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in abcapp ABCApp Creator abcapp-creator.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-41925 CRITICAL Act Now

The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Authentication Bypass
NVD
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-44048 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-8252 HIGH POC PATCH This Week

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE LFI Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2024-5762 HIGH This Week

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI RCE PHP Zen Cart
NVD
CVSS 3.1
8.1
EPSS
71.6%
CVE-2024-43261 CRITICAL Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.2.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2024-4359 MEDIUM This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure WordPress LFI Element Pack
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-6589 HIGH PATCH This Week

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE LFI Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-21687 HIGH This Week

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Atlassian Bamboo
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-38735 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Event post event-post.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-37520 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme ShopBuilder - Elementor WooCommerce Builder Addons. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
6.5
EPSS
1.6%
CVE-2024-37410 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
4.9
EPSS
0.9%
CVE-2024-37479 HIGH This Week

Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.3.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Element Kit For Elementor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5431 HIGH This Week

The WPCafe - Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP LFI Wpcafe
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-5455 HIGH This Week

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP WordPress RCE +2
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-5503 HIGH This Week

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP WordPress RCE +1
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-5574 HIGH This Week

The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP LFI Information Disclosure RCE WordPress
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-4551 MEDIUM POC PATCH This Month

The Video Gallery - YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2024-4258 CRITICAL PATCH Act Now

The Video Gallery - YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-3813 HIGH This Week

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5577 CRITICAL Act Now

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP WordPress RCE
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-4936 CRITICAL PATCH Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

LFI PHP WordPress RCE Canto
NVD
CVSS 3.1
9.8
EPSS
11.5%
CVE-2024-36415 HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-35650 MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.3.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-4887 HIGH PATCH Act Now

The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 18.1%.

PHP LFI Information Disclosure RCE WordPress +2
NVD
CVSS 3.1
7.5
EPSS
18.1%
CVE-2024-35629 CRITICAL Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads - Recent Purchases allows PHP Remote File. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Easy Digital Downloads
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-36569 HIGH POC This Week

Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP Gas Agency Management System
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-5348 HIGH This Week

The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3564 HIGH PATCH This Week

The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-5345 HIGH This Week

The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP LFI Information Disclosure RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3812 HIGH This Week

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-3810 HIGH This Week

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-32523 HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.0.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 35.5% and no vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
CVSS 3.1
8.1
EPSS
35.5%
CVE-2024-27971 HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 50.4% and no vendor patch available.

Information Disclosure WordPress LFI PHP
NVD VulDB
CVSS 3.1
8.3
EPSS
50.4%
CVE-2024-3551 CRITICAL Act Now

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-4670 HIGH This Week

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-33863 CRITICAL Act Now

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Microsoft Linqi
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-4441 HIGH This Week

The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google WordPress PHP RCE LFI +1
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-3809 HIGH This Week

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-3808 HIGH This Week

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-3807 HIGH This Week

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE LFI Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2024-3806 CRITICAL Emergency

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.5% and no vendor patch available.

WordPress PHP RCE LFI Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
56.5%
CVE-2024-34314 MEDIUM This Month

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Cmseasy
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2024-3849 HIGH This Week

The Click to Chat - HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-3500 HIGH This Week

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-3499 HIGH PATCH This Week

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +2
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-1600 CRITICAL POC PATCH THREAT Act Now

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI PHP Path Traversal Lollms Web Ui
NVD GitHub
CVSS 3.0
9.3
EPSS
31.1%
CVE-2024-3136 CRITICAL POC PATCH THREAT Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

WordPress PHP RCE LFI Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
49.6%
Threat
4.9
CVE-2024-30849 CRITICAL POC Act Now

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP File Upload Complete E Commerce Site
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-2047 HIGH PATCH This Week

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +2
NVD VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-3061 HIGH PATCH This Week

The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +1
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2024-2411 CRITICAL PATCH Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2024-1382 HIGH PATCH This Week

The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-6989 CRITICAL POC PATCH THREAT Act Now

The Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

LFI WordPress Information Disclosure PHP Shield Security
NVD VulDB
CVSS 3.1
9.8
EPSS
61.9%
Threat
5.3
CVE-2024-0315 HIGH This Week

Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Central Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49084 HIGH POC THREAT Act Now

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE LFI PHP SQLi Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
63.8%
CVE-2023-5815 HIGH POC PATCH THREAT Act Now

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 43.2%.

PHP LFI RCE Docker WordPress +1
NVD VulDB
CVSS 3.1
8.1
EPSS
43.2%
Threat
4.4
CVE-2023-5099 HIGH PATCH This Week

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5250 HIGH This Week

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-5199 CRITICAL POC Act Now

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP WordPress RCE Php To Page
NVD VulDB
CVSS 3.1
9.9
EPSS
4.9%
CVE-2023-4488 CRITICAL PATCH Act Now

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP RCE LFI Information Disclosure +1
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-31718 npm HIGH POC This Week

FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-31716 npm HIGH This Week

FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23565 MEDIUM POC This Month

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Isigeo Web
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-3452 CRITICAL POC PATCH THREAT Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.1%.

PHP RCE WordPress LFI Canto
NVD
CVSS 3.1
9.8
EPSS
87.1%
Threat
6.1
CVE-2023-4195 PHP HIGH POC PATCH This Week

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

LFI PHP Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2249 HIGH PATCH Act Now

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.2%.

Deserialization WordPress PHP SSRF RCE +2
NVD VulDB
CVSS 3.1
8.8
EPSS
48.2%
CVE-2023-2551 HIGH POC PATCH This Week

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

LFI PHP Information Disclosure Bumsys
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-24217 HIGH POC This Week

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Electronic Lab Notebook
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-4606 CRITICAL POC PATCH THREAT Act Now

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI Information Disclosure PHP Flatpress
NVD GitHub
CVSS 3.1
9.8
EPSS
35.4%
CVE-2022-4446 CRITICAL POC PATCH Act Now

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI Information Disclosure PHP Corebos
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-44786 HIGH POC This Week

An issue was discovered in Appalti & Contratti 9.12.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI Information Disclosure PHP Appalti Contratti
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-41547 PyPI HIGH POC PATCH This Week

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP LFI Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-40089 CRITICAL POC Act Now

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP LFI Simple College Website
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-29113 MEDIUM This Month

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Code Injection Arcgis Server
NVD
CVSS 3.1
4.7
EPSS
0.8%
CVE-2021-22968 PHP HIGH POC PATCH This Week

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP File Upload Concrete Cms
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-21804 CRITICAL POC Act Now

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP R Seenet
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2020-13175 HIGH This Week

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP Cloud Access Connector Cloud Access Connector Legacy
NVD
CVSS 3.1
7.5
EPSS
1.7%
EPSS 2% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Meta News meta-news.1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 2% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse NewsCard newscard.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 2% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

The WordPress Post Grid Layouts with Pagination - Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.6 via the 'tab' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI Information Disclosure PHP +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Mags mags.1.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 3% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 2% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP +1
NVD VulDB
EPSS 5% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 4% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acnoo Maan Addons For Elementor maan-elementor-addons allows Local Code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 3% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ex-Themes WP Timeline - Vertical and Horizontal timeline plugin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 1% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in abcapp ABCApp Creator abcapp-creator.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 1% CVSS 9.3
CRITICAL Act Now

The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Authentication Bypass
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress LFI +1
NVD VulDB
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE +3
NVD
EPSS 72% CVSS 8.1
HIGH This Week

Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

LFI RCE PHP +1
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.2.1. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure WordPress +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP WordPress RCE +3
NVD
EPSS 1% CVSS 8.1
HIGH This Week

This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Event post event-post.9.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 2% CVSS 6.5
MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme ShopBuilder - Elementor WooCommerce Builder Addons. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress LFI +1
NVD VulDB
EPSS 1% CVSS 4.9
MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in IdeaBox Creations PowerPack Lite for Beaver Builder. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Local File Inclusion vulnerability in LA-Studio LA-Studio Element Kit for Elementor via "LaStudioKit Progress Bar" widget in New Post, specifically in the "progress_type" attribute.3.8.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The WPCafe - Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress PHP +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP +4
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP LFI Information Disclosure +2
NVD
EPSS 0% CVSS 6.4
MEDIUM POC PATCH This Month

The Video Gallery - YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Information Disclosure RCE +3
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The Video Gallery - YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP RCE +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIW_HEADER parameter of the /system/include/include_user.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP +2
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.5%.

LFI PHP WordPress +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI RCE PHP +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security.3.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 18% CVSS 7.5
HIGH PATCH Act Now

The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 18.1%.

PHP LFI Information Disclosure +4
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads - Recent Purchases allows PHP Remote File. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +1
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP LFI Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 35% CVSS 8.1
HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.0.6. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 35.5% and no vendor patch available.

Information Disclosure LFI PHP
NVD VulDB
EPSS 50% CVSS 8.3
HIGH Act Now

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 50.4% and no vendor patch available.

Information Disclosure WordPress LFI +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google WordPress PHP +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 6% CVSS 8.8
HIGH This Week

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP RCE +2
NVD
EPSS 56% CVSS 9.8
CRITICAL Emergency

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.5% and no vendor patch available.

WordPress PHP RCE +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

The Click to Chat - HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE +4
NVD
EPSS 31% CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI PHP Path Traversal +1
NVD GitHub
EPSS 50% 4.9 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 49.6%.

WordPress PHP RCE +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP +2
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE +4
NVD VulDB
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

WordPress PHP RCE +3
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure RCE +3
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE +3
NVD
EPSS 62% 5.3 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Shield Security - Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 61.9%.

LFI WordPress Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +1
NVD
EPSS 64% CVSS 8.8
HIGH POC THREAT Act Now

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE LFI PHP +2
NVD GitHub
EPSS 43% 4.4 CVSS 8.1
HIGH POC PATCH THREAT Act Now

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is vulnerable to Remote Code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 43.2%.

PHP LFI RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE +3
NVD VulDB
EPSS 5% CVSS 9.9
CRITICAL POC Act Now

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP WordPress +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP RCE +3
NVD VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM POC This Month

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure +1
NVD GitHub
EPSS 87% 6.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.1%.

PHP RCE WordPress +2
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

LFI PHP Information Disclosure +1
NVD GitHub
EPSS 48% CVSS 8.8
HIGH PATCH Act Now

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.2%.

Deserialization WordPress PHP +4
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

LFI PHP Information Disclosure +1
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure +1
NVD Exploit-DB
EPSS 35% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI Information Disclosure PHP +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

LFI Information Disclosure PHP +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in Appalti & Contratti 9.12.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI Information Disclosure PHP +1
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP LFI +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP LFI +1
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Code Injection +1
NVD
EPSS 3% CVSS 7.2
HIGH POC PATCH This Week

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP +2
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April 20, 2020 (v15 and earlier for Cloud Access Connector) contains a local. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure LFI PHP +2
NVD
Prev Page 13 of 14 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy