Local File Inclusion (LFI) - 1546 CVEs (Page 8/13)

2025-06-09

High

CVE-2025-49275

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-48126

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Incl…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-48125

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclu…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39476

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Revo revo allows PHP Local File Inclusion.This issue affects Revo: f…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39475

Path Traversal: '.../...//' vulnerability in Frenify Arlo arlo allows PHP Local File Inclusion.This issue affects Arlo: from n/a through <= 6.0.3.

CVSS: 8.1 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD

High

CVE-2025-39473

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebGeniusLab Seofy Core seofy-core allows PHP Local File Inclusion.This issue affects Seofy Core: from…

CVSS: 8.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

High

CVE-2025-32595

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: f…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-28992

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Anton snsanton allows PHP Local File Inclusion.This issue affects…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-28945

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme valen allows PHP L…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-28944

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Avaz snsavaz allows PHP Local File Inclusion.This issue affects Avaz:…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-28888

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme GiftXtore bw-giftxtore allows PHP Local File Inclusion.This issue aff…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-27362

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Petito bw-petito allows PHP Local File Inclusion.This issue affects P…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-26592

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion.This issue affects Lab: fr…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-24770

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme CraftXtore bw-craftxtore allows PHP Local File Inclusion.This issue a…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-24768

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion.This issue affects Nit…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2023-26005

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Fitrush allows PHP Local File Inclusion. This issue affects Fitrush:…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2023-25999

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Loca…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-06-06

High

CVE-2025-49313

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: f…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-49308

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclu…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-49307

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magazine3 WP Multilang wp-multilang allows PHP Local File Inclusion.This issue…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-30999

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fahad Mahmood External Store for Shopify wp-shopify allows PHP Local File Incl…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2023-25995

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in choicehomemortgage AI Mortgage Calculator allows PHP Local File Inclusion. Thi…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

Critical

CVE-2025-47586

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors - Events stm-motors-events allows PHP Local File Inclusi…

CVSS: 9.0 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-06-02

High

CVE-2025-48940

MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file inclusion (LFI) via a s…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

Medium

CVE-2024-40112

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary…

CVSS: 5.9 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-05-31

High

CVE-2025-4857

The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers,…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2025-05-30

Medium

CVE-2025-4634

The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the…

CVSS: 4.1 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD

2025-05-27

Medium

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2025-05-23

High

CVE-2025-48292

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue af…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47672

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration miniorange-discord-integration allow…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47670

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47453

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import wp-smart-import allows PHP Local File Inclusion.T…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47438

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This i…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-46474

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affe…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

Critical

CVE-2025-46468

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion.This issue aff…

CVSS: 9.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-46454

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description wp-meta-keywords-meta-description allows P…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-46444

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro ap-plugin-scripteo allows PHP Local File Inclusion.This issue…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39506

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affec…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39494

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39490

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusi…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32309

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32302

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex winnex allows PHP Local File Inclusion.This issue affects Winnex…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32294

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Oxpitan oxpitan allows PHP Local File Inclusion.This issue affects Oxpi…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32289

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi yozi allows PHP Local File Inclusion.This issue affects Yozi: f…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32286

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher butcher allows PHP Local File Inclusion.This issue affects B…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31913

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami ogami allows PHP Local File Inclusion.This issue affects Ogami…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31912

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme enzio allows PHP Local File…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31633

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local Fi…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31632

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31064

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting vizeon allows PHP Local File Inclusion.Thi…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31060

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie capie allows PHP Local File Inclusion.This issue affects Capie…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-05-22

Medium

CVE-2025-3444

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loade…

CVSS: 6.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD

2025-05-21

Medium

CVE-2025-25539

Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.

CVSS: 6.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

Critical

CVE-2025-4524

The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter.…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2025-05-19

High

CVE-2025-32925

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusi…

CVSS: 8.3 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39458

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects F…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

Critical

CVE-2025-39406

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPAMS apartment-management allows PHP Local File Inclusion.This issue…

CVSS: 9.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39396

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews jet-reviews allows PHP Local File Inclusion.This issue a…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-27010

Path Traversal: '.../...//' vulnerability in bslthemes Tastyc tastyc allows PHP Local File Inclusion.This issue affects Tastyc: from n/a through < 2.5.2.

CVSS: 8.1 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD

High

CVE-2025-39364

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce woo-category-slider-by-plug…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-05-16

High

CVE-2025-48136

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows PHP Loc…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47693

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking fat-services-booking allows PHP Local File Inclus…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39507

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affec…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-05-15

High

CVE-2024-13914

The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-m…

CVSS: 7.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2025-05-10

High

CVE-2025-2158

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post cu…

CVSS: 8.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2025-05-07

High

CVE-2025-47653

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recal…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47649

Path Traversal: '.../...//' vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows PHP Local File Inclusion.This issue affects Open Close WooCommerce Store: from n/a through <= 4…

CVSS: 8.8 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD

High

CVE-2025-47636

Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0.

CVSS: 7.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD

High

CVE-2025-47533

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion.This issue affects Graphina: from n/a through <= 3.0.4.

CVSS: 8.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

High

CVE-2025-47531

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events allows PHP L…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47510

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows PHP Local…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47508

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress gamipress allows PHP Local File Inclusion.This issue af…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47498

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue af…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47496

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress PublishPress Authors publishpress-authors allows PHP Local File I…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47494

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue a…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47440

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts wpadverts allows PHP Local File Inclusion.This issue…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-47439

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor download-monitor allows PHP Local File Inclusion.Thi…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-04-26

High

CVE-2025-2101

The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This ma…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-04-24

High

CVE-2025-46230

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GhozyLab Popup Builder easy-notify-lite allows PHP Local File Inclusion.This i…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39399

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashraful Sarkar Naiem License For Envato license-envato allows PHP Local File…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39391

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zamartz Checkout Field Visibility for WooCommerce checkout-field-visibility-fo…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39387

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpoperations Opstore opstore allows PHP Local File Inclusion.This issue affect…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39384

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in cedcommerce Product Lister for eBay product-lister-ebay allows PHP Local File…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39383

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codeworkweb Xews Lite xews-lite allows PHP Local File Inclusion.This issue aff…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39379

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly capturly-optimize-your-website allows PHP Local File Inclusi…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39378

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39360

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag grace-mag allows PHP Local File Inclusion.This issue a…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39359

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codeworkweb CWW Portfolio cww-portfolio allows PHP Local File Inclusion.This i…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32921

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpoperations Arrival arrival allows PHP Local File Inclusion.This issue affect…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-04-22

Critical

CVE-2025-43951

LabVantage before LV 8.8.0.13 HF6 allows local file inclusion. Authenticated users can retrieve arbitrary files from the environment via the objectname request parameter.

CVSS: 9.8 CWE: CWE-73 - External Control of File Name or Path View on NVD

2025-04-21

Critical

CVE-2025-0632

Local File Inclusion (LFI) vulnerability in a Render function of Formulatrix Rock Maker Web (RMW) allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor cou…

CVSS: 9.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

2025-04-18

High

CVE-2025-39470

Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0.

CVSS: 8.1 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD

2025-04-17

High

CVE-2025-39526

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue af…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39462

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in teamzt Smart Agreements smart-agreements allows PHP Local File Inclusion.This…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39461

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This i…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39452

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion.This issue affects WP…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39429

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Földesi, Mihály Széchenyi 2020 Logo szechenyi-2020-logo allows PHP Local File…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31030

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows PHP Local…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-04-16

High

CVE-2025-39592

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39584

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-39570

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member wpcom-member allows PHP Local File Inclusion.This issue affe…

CVSS: 8.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-1982

Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content…

CVSS: 7.1 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD

2025-04-15

High

CVE-2025-27011

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-wooco…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-26748

Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0.

CVSS: 8.1 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD

High

CVE-2025-26894

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mobeen Abdullah Coming Soon, Maintenance Mode site-mode allows PHP Local File…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-26889

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hockeydata hockeydata LOS hockeydata-los allows PHP Local File Inclusion.This…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

2025-04-11

High

CVE-2025-32672

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32663

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon fat-coming-soon allows PHP Local File Inclusion.This…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32656

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pr…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32654

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local Fil…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32627

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affe…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32614

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue a…

CVSS: 8.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32589

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi – Guest Submit flexi allows PHP Local File Inclusion.This issue af…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32587

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp wc-pickupp allows PHP Local File Inclusion.This issue affects WooCommerce P…

CVSS: 8.1 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD

High

CVE-2025-32585

Path Traversal: '.../...//' vulnerability in Trusty Plugins Shop Products Filter trusty-woo-products-filter allows PHP Local File Inclusion.This issue affects Shop Products Filter: from n/a through <…

CVSS: 7.5 CWE: CWE-35 - Path Traversal: '.../...//' View on NVD

Critical

CVE-2025-32577

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion.T…

CVSS: 9.8 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-32519

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affect…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31040

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File In…

CVSS: 8.1 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31015

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Adrian Tobey WordPress SMTP Service, Email Delivery Solved! — MailHawk mailhaw…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

High

CVE-2025-31014

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion.…

CVSS: 7.5 CWE: CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') View on NVD

About “Local File Inclusion (LFI)”

CVE-2025-49275

CVE-2025-48126

CVE-2025-48125

CVE-2025-39476

CVE-2025-39475

CVE-2025-39473

CVE-2025-32595

CVE-2025-28992

CVE-2025-28945

CVE-2025-28944

CVE-2025-28888

CVE-2025-27362

CVE-2025-26592

CVE-2025-24770

CVE-2025-24768

CVE-2023-26005

CVE-2023-25999

CVE-2025-49313

CVE-2025-49308

CVE-2025-49307

CVE-2025-30999

CVE-2023-25995

CVE-2025-47586

CVE-2025-48940

CVE-2024-40112

CVE-2025-4857

CVE-2025-4634

CVE-2025-48744

CVE-2025-48292

CVE-2025-47672

CVE-2025-47670

CVE-2025-47453

CVE-2025-47438

CVE-2025-46474

CVE-2025-46468

CVE-2025-46454

CVE-2025-46444

CVE-2025-39506

CVE-2025-39494

CVE-2025-39490

CVE-2025-32309

CVE-2025-32302

CVE-2025-32294

CVE-2025-32289

CVE-2025-32286

CVE-2025-31913

CVE-2025-31912

CVE-2025-31633

CVE-2025-31632

CVE-2025-31064

CVE-2025-31060

CVE-2025-3444

CVE-2025-25539

CVE-2025-4524

CVE-2025-32925

CVE-2025-39458

CVE-2025-39406

CVE-2025-39396

CVE-2025-27010

CVE-2025-39364

CVE-2025-48136

CVE-2025-47693

CVE-2025-39507

CVE-2024-13914

CVE-2025-2158

CVE-2025-47653

CVE-2025-47649

CVE-2025-47636

CVE-2025-47533

CVE-2025-47531

CVE-2025-47510

CVE-2025-47508

CVE-2025-47498

CVE-2025-47496

CVE-2025-47494

CVE-2025-47440

CVE-2025-47439

CVE-2025-2101

CVE-2025-46230