Lfi

759 CVEs technique


CVE-2025-69383 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion. This issue affects WP shop: from n/a through <= 2.6.1. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69375 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion. This issue affects Portfolio Builder: from n/a through <= 1.2.5. [CVSS 8.1 HIGH]

WordPress PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69374 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog - Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion. This issue affects Eleblog - Elementor Blog And Magazine Addons: from n/a through <= 2.0.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69373 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion. This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69322 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion. This issue affects PeakShops: from n/a through < 1.5.9. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68841 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack - Complete Elementor Addons, Theme & CPT Builder topper-pack allows PHP Local File Inclusion. This issue affects TopperPack - Complete Elementor Addons, Theme & CPT Builder: from n/a through <= 1.2.1. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68552 MEDIUM This Month

WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product is affected by PHP remote file inclusion (CVSS 6.3).

WordPress PHP Lfi
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-68545 CRITICAL Act Now

PHP Remote File Inclusion in Nika WordPress theme by thembay.

PHP Lfi
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-68543 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through <= 1.3.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68539 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through <= 1.1.35. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68536 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion. This issue affects Zota: from n/a through <= 1.3.14. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67992 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion. This issue affects PatioTime: from n/a through < 2.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67988 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through < 1.9.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67982 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67981 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion. This issue affects Besa: from n/a through <= 2.3.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67980 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through <= 1.2.17. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-60087 HIGH This Week

Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon is affected by PHP remote file inclusion (CVSS 8.1).

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-27343 HIGH This Week

PHP Local File Inclusion in Airtifact versions up to 1.2.91 permits authenticated attackers to read arbitrary files on the server through improper validation of include/require statements. With low privileges required and no user interaction necessary, an attacker can leverage this vulnerability to access sensitive configuration files or application source code. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27052 HIGH This Week

villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer is affected by PHP remote file inclusion (CVSS 7.5).

WordPress PHP Lfi Information Disclosure
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-25326 HIGH This Week

cmsmasters CMSMasters Content Composer cmsmasters-content-composer is affected by PHP remote file inclusion (CVSS 7.5).

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-0926 CRITICAL Act Now

Local File Inclusion in Prodigy Commerce WordPress plugin <= 3.2.9.

WordPress PHP Lfi Information Disclosure RCE
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-25548 CRITICAL POC PATCH Act Now

Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE Lfi Invoiceplane
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2025-12062 HIGH This Week

The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. [CVSS 8.8 HIGH]

WordPress PHP Lfi
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1988 HIGH This Week

Arbitrary PHP code execution in the Flexi Product Slider and Grid for WooCommerce WordPress plugin through version 1.0.5 allows authenticated contributors to exploit unsanitized file path parameters in the flexipsg_carousel shortcode to include and execute arbitrary files on the server. The vulnerability requires an attacker with Contributor-level access or above to create posts containing malicious shortcodes, but carries high risk due to lack of input validation on the theme parameter enabling local file inclusion attacks. No patch is currently available for this vulnerability.

WordPress PHP Lfi Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26217 HIGH PATCH This Week

Crawl4AI versions before 0.8.0 allow unauthenticated remote attackers to read arbitrary files from the server through file:// URL handling in Docker API endpoints (/execute_js, /screenshot, /pdf, /html), enabling exposure of sensitive configuration files, credentials, and environment variables. The vulnerability affects Docker deployments and AI/ML applications using the affected library, with no patch currently available.

Docker Lfi AI / ML Crawl4ai
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-15491 MEDIUM This Month

The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks [CVSS 5.5 MEDIUM]

WordPress Lfi PHP
NVD WPScan
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15368 HIGH This Week

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be...

WordPress PHP Lfi Information Disclosure RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25027 HIGH This Week

ThemeMove Unicamp through version 2.7.1 contains a local file inclusion vulnerability in PHP that allows authenticated attackers to read arbitrary files on the server through improper filename validation in include/require statements. An attacker with valid credentials can leverage this flaw to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-2356 CRITICAL Act Now

Local File Inclusion in parisneo/lollms-webui /reinstall_extension endpoint allows authenticated users to include arbitrary local files. EPSS 0.26%.

Python RCE Lfi AI / ML
NVD GitHub
CVSS 3.0
9.6
EPSS
0.3%
CVE-2024-54263 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion. This issue affects Spirit Framework: from n/a through 1.2.13. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-1257 HIGH This Week

The Administrative Shortcodes plugin for WordPress through version 0.3.4 allows authenticated contributors and above to execute arbitrary PHP code via insufficient path validation in the get_template shortcode's slug parameter. An attacker with contributor-level permissions can exploit this local file inclusion vulnerability to include malicious files, bypass access controls, and achieve remote code execution on the affected server. A patch is not currently available for this vulnerability.

WordPress PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24635 HIGH This Week

DevsBlink EduBlink Core through version 2.0.7 contains a local file inclusion vulnerability in its PHP file handling that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters to bypass proper input validation and access sensitive system files. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24609 HIGH This Week

The Laurent theme for PHP versions 3.1 and earlier contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files on the affected system. An attacker with valid credentials can manipulate filename parameters in include/require statements to access sensitive data outside the intended application directory. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24608 HIGH This Week

Laurent Core plugin for PHP through version 2.4.1 contains a local file inclusion vulnerability in its filename handling for include/require statements, allowing authenticated attackers to read arbitrary files from the affected system. With a CVSS score of 7.5, this vulnerability enables confidentiality and integrity compromise, though exploitation requires valid credentials and no patch is currently available.

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24538 HIGH This Week

Omnipress through version 1.6.6 contains a local file inclusion vulnerability in its PHP program that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters in include/require statements to access sensitive files outside the intended directory. This vulnerability requires user interaction but poses significant risk to confidentiality with no available patch at this time.

PHP Lfi Information Disclosure
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-24531 CRITICAL Act Now

A WordPress plugin has a PHP Remote File Inclusion vulnerability (CWE-98) allowing unauthenticated remote code execution through crafted include paths.

PHP Lfi
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-24390 HIGH This Week

QantumThemes Kentha Elementor Widgets kentha-elementor is affected by PHP remote file inclusion (CVSS 7.5).

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-23978 CRITICAL Act Now

A WordPress plugin has a PHP Remote File Inclusion vulnerability (CWE-98) allowing unauthenticated attackers to include and execute arbitrary remote PHP files.

PHP Lfi
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-23975 CRITICAL Act Now

A WordPress plugin has a PHP Remote File Inclusion vulnerability enabling unauthenticated remote code execution through crafted include paths.

PHP Lfi
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-22464 HIGH This Week

wphocus My auctions allegro my-auctions-allegro-free-edition is affected by PHP remote file inclusion (CVSS 7.5).

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22402 HIGH This Week

Pavothemes Triply versions 2.4.7 and earlier contain a local file inclusion vulnerability in PHP that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters to bypass access controls and potentially execute code or expose sensitive data. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22401 HIGH This Week

Pavothemes Freshio versions 2.4.2 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read sensitive files on affected systems. The vulnerability stems from improper validation of file paths in include/require statements, enabling disclosure of confidential information such as configuration files and source code. This vulnerability currently lacks a published patch and has a low exploitation prevalence rate.

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-69314 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion. This issue affects Werkstatt: from n/a through < 4.8.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69100 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion. This issue affects North: from n/a through <= 5.7.5. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69078 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion. This issue affects Malta: from n/a through <= 1.3.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69077 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion. This issue affects Hobo: from n/a through <= 1.0.10. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69076 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion. This issue affects Modern Housewife: from n/a through <= 1.0.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69075 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Yolox yolox allows PHP Local File Inclusion. This issue affects Yolox: from n/a through <= 1.0.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69074 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion. This issue affects Pearson Specter: from n/a through <= 1.11.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69073 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Piqes piqes allows PHP Local File Inclusion. This issue affects Piqes: from n/a through <= 1.0.11. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69072 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Prider prider allows PHP Local File Inclusion. This issue affects Prider: from n/a through <= 1.1.3.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69071 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes TanTum tantum allows PHP Local File Inclusion. This issue affects TanTum: from n/a through <= 1.1.13. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69070 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tornados tornados allows PHP Local File Inclusion. This issue affects Tornados: from n/a through <= 2.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69068 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Muji muji allows PHP Local File Inclusion. This issue affects Muji: from n/a through <= 1.2.0. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69067 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tails tails allows PHP Local File Inclusion. This issue affects Tails: from n/a through <= 1.4.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69066 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion. This issue affects Indoor Plants: from n/a through <= 1.2.7. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69065 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion. This issue affects Snow Mountain: from n/a through <= 1.4.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69064 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pets Land petsland allows PHP Local File Inclusion. This issue affects Pets Land: from n/a through <= 1.2.8. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69062 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Weedles weedles allows PHP Local File Inclusion. This issue affects Weedles: from n/a through <= 1.1.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69061 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion. This issue affects MoveMe: from n/a through <= 1.2.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69060 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion. This issue affects uReach: from n/a through <= 1.3.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69059 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion. This issue affects DiveIt: from n/a through <= 1.4.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69058 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion. This issue affects PartyMaker: from n/a through <= 1.1.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69057 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion. This issue affects Eldon: from n/a through <= 1.0. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69050 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion. This issue affects Overworld: from n/a through <= 1.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69049 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion. This issue affects Töbel: from n/a through <= 1.6. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69047 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion. This issue affects MaxShop: from n/a through <= 3.6.20. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69046 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion. This issue affects iRecco Core: from n/a through <= 1.3.6. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69044 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion. This issue affects Vango: from n/a through <= 1.3.3. [CVSS 8.1 HIGH]

PHP Golang Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69043 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion. This issue affects Rashy: from n/a through <= 1.1.3. [CVSS 8.2 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-69042 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion. This issue affects Lindo: from n/a through <= 1.2.5. [CVSS 8.2 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-69041 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion. This issue affects Dekoro: from n/a through <= 1.0.7. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-69040 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion. This issue affects Bfres: from n/a through <= 1.2.1. [CVSS 8.2 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-69039 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion. This issue affects Bailly: from n/a through <= 1.3.4. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-69038 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion. This issue affects Hyori: from n/a through <= 1.3.6. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69037 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion. This issue affects Pippo: from n/a through <= 1.2.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69005 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion. This issue affects Search & Go: from n/a through <= 2.8. [CVSS 8.1 HIGH]

PHP Golang Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69004 HIGH This Week

XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar is affected by PHP remote file inclusion (CVSS 8.1).

WordPress PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68913 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion. This issue affects Miion: from n/a through <= 1.2.7. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68908 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion. This issue affects Barberry: from n/a through <= 2.9.9.87. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-68905 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion. This issue affects JNews - Pay Writer: from n/a through <= 11.0.0. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-68510 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion. This issue affects Photography: from n/a through < 7.7.5. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67957 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion. This issue affects Listivo Core: from n/a through <= 2.3.77. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67955 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion. This issue affects MyHome Core: from n/a through <= 4.1.0. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-67946 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion. This issue affects AdForest: from n/a through <= 6.0.11. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67941 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion. This issue affects The Aisle: from n/a through < 2.9.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67940 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion. This issue affects Powerlift: from n/a through < 3.2.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67938 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion. This issue affects Biagiotti: from n/a through < 3.5.2. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67616 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-67615 HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion. This issue affects Myour: from n/a through <= 1.5.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-69383
EPSS 0% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Agence web Eoxia - Montpellier WP shop wpshop allows PHP Local File Inclusion.This issue affects WP shop: from n/a through <= 2.6.1. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVE-2025-69375
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Portfolio Builder swp-portfolio allows PHP Local File Inclusion.This issue affects Portfolio Builder: from n/a through <= 1.2.5. [CVSS 8.1 HIGH]

WordPress PHP Lfi
NVD
CVE-2025-69374
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SolverWp Eleblog - Elementor Blog And Magazine Addons ele-blog allows PHP Local File Inclusion.This issue affects Eleblog - Elementor Blog And Magazine Addons: from n/a through <= 2.0.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69373
EPSS 0% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidoRev vidorev allows PHP Local File Inclusion.This issue affects VidoRev: from n/a through <= 2.9.9.9.9.9.7. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVE-2025-69322
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through < 1.5.9. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-68841
EPSS 0% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themepul TopperPack - Complete Elementor Addons, Theme &amp; CPT Builder topper-pack allows PHP Local File Inclusion.This issue affects TopperPack - Complete Elementor Addons, Theme &amp; CPT Builder: from n/a through <= 1.2.1. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVE-2025-68552
EPSS 0% CVSS 6.3
MEDIUM This Month

WebCodingPlace WooCommerce Coming Soon Product with Countdown woo-coming-soon-product is affected by PHP remote file inclusion (CVSS 6.3).

WordPress PHP Lfi
NVD
CVE-2025-68545
EPSS 0% CVSS 9.1
CRITICAL Act Now

PHP Remote File Inclusion in Nika WordPress theme by thembay.

PHP Lfi
NVD
CVE-2025-68543
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through <= 1.3.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-68539
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through <= 1.1.35. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-68536
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion. This issue affects Zota: from n/a through <= 1.3.14. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67992
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion. This issue affects PatioTime: from n/a through < 2.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67988
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through < 1.9.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67982
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion. This issue affects Urna: from n/a through <= 2.5.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67981
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion. This issue affects Besa: from n/a through <= 2.3.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67980
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through <= 1.2.17. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-60087
EPSS 0% CVSS 8.1
HIGH This Week

Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon is affected by PHP remote file inclusion (CVSS 8.1).

PHP Lfi
NVD
CVE-2026-27343
EPSS 0% CVSS 7.5
HIGH This Week

PHP Local File Inclusion in Airtifact versions up to 1.2.91 permits authenticated attackers to read arbitrary files on the server through improper validation of include/require statements. With low privileges required and no user interaction necessary, an attacker can leverage this vulnerability to access sensitive configuration files or application source code. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVE-2026-27052
EPSS 0% CVSS 7.5
HIGH This Week

villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer is affected by PHP remote file inclusion (CVSS 7.5).

WordPress PHP Lfi +1
NVD VulDB
CVE-2026-25326
EPSS 0% CVSS 7.5
HIGH This Week

cmsmasters CMSMasters Content Composer cmsmasters-content-composer is affected by PHP remote file inclusion (CVSS 7.5).

PHP Lfi
NVD
CVE-2026-0926
EPSS 0% CVSS 9.8
CRITICAL Act Now

Local File Inclusion in Prodigy Commerce WordPress plugin <= 3.2.9.

WordPress PHP Lfi +2
NVD
CVE-2026-25548
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Remote Code Execution in InvoicePlane self-hosted invoicing application through code injection. PoC and patch available.

PHP RCE Lfi +1
NVD GitHub
CVE-2025-12062
EPSS 0% CVSS 8.8
HIGH This Week

The WP Maps - Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the fc_load_template function. [CVSS 8.8 HIGH]

WordPress PHP Lfi
NVD
CVE-2026-1988
EPSS 0% CVSS 7.5
HIGH This Week

Arbitrary PHP code execution in the Flexi Product Slider and Grid for WooCommerce WordPress plugin through version 1.0.5 allows authenticated contributors to exploit unsanitized file path parameters in the flexipsg_carousel shortcode to include and execute arbitrary files on the server. The vulnerability requires an attacker with Contributor-level access or above to create posts containing malicious shortcodes, but carries high risk due to lack of input validation on the theme parameter enabling local file inclusion attacks. No patch is currently available for this vulnerability.

WordPress PHP Lfi +1
NVD
CVE-2026-26217
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Crawl4AI versions before 0.8.0 allow unauthenticated remote attackers to read arbitrary files from the server through file:// URL handling in Docker API endpoints (/execute_js, /screenshot, /pdf, /html), enabling exposure of sensitive configuration files, credentials, and environment variables. The vulnerability affects Docker deployments and AI/ML applications using the affected library, with no patch currently available.

Docker Lfi AI / ML +1
NVD GitHub
CVE-2025-15491
EPSS 0% CVSS 5.5
MEDIUM This Month

The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks [CVSS 5.5 MEDIUM]

WordPress Lfi PHP
NVD WPScan
CVE-2025-15368
EPSS 0% CVSS 8.8
HIGH This Week

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be...

WordPress PHP Lfi +2
NVD
CVE-2026-25027
EPSS 0% CVSS 7.5
HIGH This Week

ThemeMove Unicamp through version 2.7.1 contains a local file inclusion vulnerability in PHP that allows authenticated attackers to read arbitrary files on the server through improper filename validation in include/require statements. An attacker with valid credentials can leverage this flaw to access sensitive files and potentially execute arbitrary code. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVE-2024-2356
EPSS 0% CVSS 9.6
CRITICAL Act Now

Local File Inclusion in parisneo/lollms-webui /reinstall_extension endpoint allows authenticated users to include arbitrary local files. EPSS 0.26%.

Python RCE Lfi +1
NVD GitHub
CVE-2024-54263
EPSS 0% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion. This issue affects Spirit Framework: from n/a through 1.2.13. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVE-2026-1257
EPSS 0% CVSS 7.5
HIGH This Week

The Administrative Shortcodes plugin for WordPress through version 0.3.4 allows authenticated contributors and above to execute arbitrary PHP code via insufficient path validation in the get_template shortcode's slug parameter. An attacker with contributor-level permissions can exploit this local file inclusion vulnerability to include malicious files, bypass access controls, and achieve remote code execution on the affected server. A patch is not currently available for this vulnerability.

WordPress PHP Lfi
NVD
CVE-2026-24635
EPSS 0% CVSS 7.5
HIGH This Week

DevsBlink EduBlink Core through version 2.0.7 contains a local file inclusion vulnerability in its PHP file handling that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters to bypass proper input validation and access sensitive system files. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVE-2026-24609
EPSS 0% CVSS 7.5
HIGH This Week

The Laurent theme for PHP versions 3.1 and earlier contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files on the affected system. An attacker with valid credentials can manipulate filename parameters in include/require statements to access sensitive data outside the intended application directory. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVE-2026-24608
EPSS 0% CVSS 7.5
HIGH This Week

Laurent Core plugin for PHP through version 2.4.1 contains a local file inclusion vulnerability in its filename handling for include/require statements, allowing authenticated attackers to read arbitrary files from the affected system. With a CVSS score of 7.5, this vulnerability enables confidentiality and integrity compromise, though exploitation requires valid credentials and no patch is currently available.

PHP Lfi
NVD
CVE-2026-24538
EPSS 0% CVSS 7.6
HIGH This Week

Omnipress through version 1.6.6 contains a local file inclusion vulnerability in its PHP program that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters in include/require statements to access sensitive files outside the intended directory. This vulnerability requires user interaction but poses significant risk to confidentiality with no available patch at this time.

PHP Lfi Information Disclosure
NVD
CVE-2026-24531
EPSS 0% CVSS 9.8
CRITICAL Act Now

A WordPress plugin has a PHP Remote File Inclusion vulnerability (CWE-98) allowing unauthenticated remote code execution through crafted include paths.

PHP Lfi
NVD
CVE-2026-24390
EPSS 0% CVSS 7.5
HIGH This Week

QantumThemes Kentha Elementor Widgets kentha-elementor is affected by PHP remote file inclusion (CVSS 7.5).

PHP Lfi
NVD
CVE-2026-23978
EPSS 0% CVSS 9.8
CRITICAL Act Now

A WordPress plugin has a PHP Remote File Inclusion vulnerability (CWE-98) allowing unauthenticated attackers to include and execute arbitrary remote PHP files.

PHP Lfi
NVD
CVE-2026-23975
EPSS 0% CVSS 9.8
CRITICAL Act Now

A WordPress plugin has a PHP Remote File Inclusion vulnerability enabling unauthenticated remote code execution through crafted include paths.

PHP Lfi
NVD
CVE-2026-22464
EPSS 0% CVSS 7.5
HIGH This Week

wphocus My auctions allegro my-auctions-allegro-free-edition is affected by PHP remote file inclusion (CVSS 7.5).

PHP Lfi
NVD
CVE-2026-22402
EPSS 0% CVSS 7.5
HIGH This Week

Pavothemes Triply versions 2.4.7 and earlier contain a local file inclusion vulnerability in PHP that allows authenticated attackers to read arbitrary files on the server. An attacker with valid credentials can manipulate filename parameters to bypass access controls and potentially execute code or expose sensitive data. No patch is currently available for this vulnerability.

PHP Lfi
NVD
CVE-2026-22401
EPSS 0% CVSS 7.5
HIGH This Week

Pavothemes Freshio versions 2.4.2 and earlier contain a local file inclusion vulnerability in PHP that allows unauthenticated remote attackers to read sensitive files on affected systems. The vulnerability stems from improper validation of file paths in include/require statements, enabling disclosure of confidential information such as configuration files and source code. This vulnerability currently lacks a published patch and has a low exploitation prevalence rate.

PHP Lfi
NVD
CVE-2025-69314
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion. This issue affects Werkstatt: from n/a through < 4.8.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69100
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion. This issue affects North: from n/a through <= 5.7.5. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69078
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion. This issue affects Malta: from n/a through <= 1.3.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69077
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion. This issue affects Hobo: from n/a through <= 1.0.10. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69076
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion. This issue affects Modern Housewife: from n/a through <= 1.0.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69075
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Yolox yolox allows PHP Local File Inclusion. This issue affects Yolox: from n/a through <= 1.0.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69074
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion. This issue affects Pearson Specter: from n/a through <= 1.11.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69073
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Piqes piqes allows PHP Local File Inclusion. This issue affects Piqes: from n/a through <= 1.0.11. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69072
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Prider prider allows PHP Local File Inclusion. This issue affects Prider: from n/a through <= 1.1.3.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69071
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes TanTum tantum allows PHP Local File Inclusion. This issue affects TanTum: from n/a through <= 1.1.13. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69070
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tornados tornados allows PHP Local File Inclusion. This issue affects Tornados: from n/a through <= 2.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69068
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Muji muji allows PHP Local File Inclusion. This issue affects Muji: from n/a through <= 1.2.0. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69067
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tails tails allows PHP Local File Inclusion. This issue affects Tails: from n/a through <= 1.4.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69066
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion. This issue affects Indoor Plants: from n/a through <= 1.2.7. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69065
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion. This issue affects Snow Mountain: from n/a through <= 1.4.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69064
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pets Land petsland allows PHP Local File Inclusion. This issue affects Pets Land: from n/a through <= 1.2.8. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69062
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Weedles weedles allows PHP Local File Inclusion. This issue affects Weedles: from n/a through <= 1.1.12. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69061
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion. This issue affects MoveMe: from n/a through <= 1.2.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69060
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion. This issue affects uReach: from n/a through <= 1.3.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69059
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion. This issue affects DiveIt: from n/a through <= 1.4.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69058
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion. This issue affects PartyMaker: from n/a through <= 1.1.15. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69057
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion. This issue affects Eldon: from n/a through <= 1.0. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69050
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion. This issue affects Overworld: from n/a through <= 1.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69049
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion. This issue affects Töbel: from n/a through <= 1.6. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69047
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion. This issue affects MaxShop: from n/a through <= 3.6.20. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69046
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion. This issue affects iRecco Core: from n/a through <= 1.3.6. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69044
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion. This issue affects Vango: from n/a through <= 1.3.3. [CVSS 8.1 HIGH]

PHP Golang Lfi
NVD
CVE-2025-69043
EPSS 0% CVSS 8.2
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion. This issue affects Rashy: from n/a through <= 1.1.3. [CVSS 8.2 HIGH]

PHP Lfi
NVD
CVE-2025-69042
EPSS 0% CVSS 8.2
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion. This issue affects Lindo: from n/a through <= 1.2.5. [CVSS 8.2 HIGH]

PHP Lfi
NVD
CVE-2025-69041
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion. This issue affects Dekoro: from n/a through <= 1.0.7. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69040
EPSS 0% CVSS 8.2
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bfres bfres allows PHP Local File Inclusion. This issue affects Bfres: from n/a through <= 1.2.1. [CVSS 8.2 HIGH]

PHP Lfi
NVD
CVE-2025-69039
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion. This issue affects Bailly: from n/a through <= 1.3.4. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69038
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Hyori hyori allows PHP Local File Inclusion. This issue affects Hyori: from n/a through <= 1.3.6. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69037
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Pippo pippo allows PHP Local File Inclusion. This issue affects Pippo: from n/a through <= 1.2.3. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-69005
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion. This issue affects Search & Go: from n/a through <= 2.8. [CVSS 8.1 HIGH]

PHP Golang Lfi
NVD
CVE-2025-69004
EPSS 0% CVSS 8.1
HIGH This Week

XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar is affected by PHP remote file inclusion (CVSS 8.1).

WordPress PHP Lfi
NVD
CVE-2025-68913
EPSS 0% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion. This issue affects Miion: from n/a through <= 1.2.7. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVE-2025-68908
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in temash Barberry barberry allows PHP Local File Inclusion. This issue affects Barberry: from n/a through <= 2.9.9.87. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-68905
EPSS 0% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion. This issue affects JNews - Pay Writer: from n/a through <= 11.0.0. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVE-2025-68510
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion. This issue affects Photography: from n/a through < 7.7.5. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67957
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion. This issue affects Listivo Core: from n/a through <= 2.3.77. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67955
EPSS 0% CVSS 7.5
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion. This issue affects MyHome Core: from n/a through <= 4.1.0. [CVSS 7.5 HIGH]

PHP Lfi
NVD
CVE-2025-67946
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion. This issue affects AdForest: from n/a through <= 6.0.11. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67941
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion. This issue affects The Aisle: from n/a through < 2.9.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67940
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion. This issue affects Powerlift: from n/a through < 3.2.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67938
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion. This issue affects Biagiotti: from n/a through < 3.5.2. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67616
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29. [CVSS 8.1 HIGH]

PHP Lfi
NVD
CVE-2025-67615
EPSS 0% CVSS 8.1
HIGH This Week

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion. This issue affects Myour: from n/a through <= 1.5.1. [CVSS 8.1 HIGH]

PHP Lfi
NVD