CVE Daily
← All tags

Tag: Local File Inclusion (LFI)

All CVEs associated with "Local File Inclusion (LFI)". Page 1/1 • 44 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-08-16
High

CVE-2025-8142

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers…

CVSS: 8.8 CWE: CWE-98
Read more
High

CVE-2025-3671

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible fo…

CVSS: 8.8 CWE: CWE-22
Read more
Medium

CVE-2024-8393

The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for aut…

CVSS: 6.6 CWE: CWE-98
Read more
2025-08-15
High

CVE-2025-7650

The BizCalendar Web plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.0.50 via the 'bizcalv' shortcode. This makes it possible for authenticated att…

CVSS: 7.5 CWE: CWE-98
Read more
2025-08-14
High

CVE-2025-54701

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This issue affects Unicamp:…

CVSS: 8.1 CWE: CWE-98
Read more
High

CVE-2025-54700

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makea…

CVSS: 8.1 CWE: CWE-98
Read more
High

CVE-2025-54690

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek Xinterio allows PHP Local File Inclusion. This issue affects Xinteri…

CVSS: 8.1 CWE: CWE-98
Read more
High

CVE-2025-54689

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna allows PHP Local File Inclusion. This issue affects Urna: from n/…

CVSS: 8.1 CWE: CWE-98
Read more
High

CVE-2025-52806

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch…

CVSS: 7.5 CWE: CWE-98
Read more
High

CVE-2025-52732

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 Google Map Targeting allows PHP Local File Inclusion. This issue af…

CVSS: 8.8 CWE: CWE-98
Read more
High

CVE-2025-52728

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel WordPress Plugin allows PHP Local Fil…

CVSS: 7.5 CWE: CWE-98
Read more
High

CVE-2025-52716

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acato WP REST Cache allows PHP Local File Inclusion. This issue affects WP RES…

CVSS: 7.5 CWE: CWE-98
Read more
High

CVE-2025-49271

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags allows PHP Local File Inclusion. This issue a…

CVSS: 7.5 CWE: CWE-98
Read more
High

CVE-2025-49264

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login allows PHP…

CVSS: 7.5 CWE: CWE-98
Read more
High

CVE-2025-49036

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer allows PHP Local File Inclusi…

CVSS: 8.1 CWE: CWE-98
Read more
High

CVE-2025-48332

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks allows PHP Local File Inclusion. This issue affe…

CVSS: 7.5 CWE: CWE-98
Read more
Critical

CVE-2025-48293

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup allows PHP Local File Inclusion. This issue affects Ge…

CVSS: 9.8 CWE: CWE-98
Read more
High

CVE-2025-3703

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This is…

CVSS: 7.5 CWE: CWE-98
Read more
High

CVE-2025-32288

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions allows PHP Local File Inclusion. This issue af…

CVSS: 7.5 CWE: CWE-98
Read more
High

CVE-2025-30635

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonatePro allows PHP Local File Inclusion. This issue affects ID…

CVSS: 8.1 CWE: CWE-98
Read more
High

CVE-2025-28979

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipe…

CVSS: 8.1 CWE: CWE-98
Read more
Critical

CVE-2025-25174

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions allows PHP Local File Inclusion. This issue a…

CVSS: 10.0 CWE: CWE-98
Read more
High

CVE-2025-25172

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov allows PHP Local File Inclusion. This issue affects VidMov:…

CVSS: 8.1 CWE: CWE-98
Read more
High

CVE-2025-24766

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Royal Themes News Magazine X allows PHP Local File Inclusion. This issue af…

CVSS: 7.5 CWE: CWE-98
Read more
2025-08-13
Critical

CVE-2025-8913

Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.

CVSS: 9.8 CWE: CWE-98
Read more
Critical

CVE-2025-6715

The LatePoint WordPress plugin before 5.1.94 is vulnerable to Local File Inclusion via the layout parameter. This makes it possible for attackers to include and execute PHP files on the server, allo…

CVSS: 9.8 CWE: N/A
Read more
2025-08-06
Medium

CVE-2025-51057

A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function ca…

CVSS: 6.5 CWE: CWE-98
Read more
2025-08-05
High

CVE-2012-10034

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attacker…

CVSS: 8.7 CWE: CWE-22
Read more
2025-07-26
High

CVE-2025-6991

The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'TH_LatestPosts4` widget. This makes it possible for authenticated attackers…

CVSS: 7.5 CWE: CWE-98
Read more
2025-07-22
Medium

CVE-2025-51481

Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the no…

CVSS: 6.6 CWE: CWE-22
Read more
2025-07-19
High

CVE-2015-10133

The Subscribe to Comments for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.1.2 via the Path to header value. This allows authenticated attackers, with administr…

CVSS: 7.2 CWE: CWE-98
Read more
2025-07-18
High

CVE-2025-3740

The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 93.1.0 via the 'page' parameter. This makes it possible for…

CVSS: 8.8 CWE: CWE-22
Read more
2025-07-16
Medium

CVE-2025-54015

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 allows PHP Local File Inclusion. This issue affec…

CVSS: 6.6 CWE: CWE-98
Read more
2025-06-09
Medium

CVE-2025-49138

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint a…

CVSS: 6.5 CWE: CWE-22
Read more
2025-04-16
High

CVE-2025-39584

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventi…

CVSS: 7.5 CWE: CWE-98
Read more
2025-03-20
High

CVE-2024-12866

A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability allows an attacker to read arbitrary files on the file system, which can lead to remote code…

CVSS: 7.5 CWE: CWE-22
Read more
Medium

CVE-2024-10707

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulner…

CVSS: 6.5 CWE: CWE-20
Read more
2025-02-25
High

CVE-2025-26964

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventi…

CVSS: 7.5 CWE: CWE-98
Read more
2025-02-10
High

CVE-2024-8550

A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server…

CVSS: 7.5 CWE: CWE-497
Read more
2025-01-25
High

CVE-2025-0682

The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible…

CVSS: 8.8 CWE: CWE-98
Read more
2024-12-31
High

CVE-2024-52047

A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain th…

CVSS: 7.5 CWE: CWE-552
Read more
2024-05-16
High

CVE-2024-3403

imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality t…

CVSS: 7.5 CWE: CWE-22
Read more
2024-04-10
High

CVE-2024-1728

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to re…

CVSS: 7.5 CWE: CWE-22
Read more
2024-02-02
Medium

CVE-2024-0844

The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible f…

CVSS: 4.7 CWE: CWE-22
Read more