ReportizFlow
Filtered by vendor
Subscriptions
Total
430 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7634 | 2025-10-09 | 9.8 Critical | ||
| The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.6.7 via the mode parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-7721 | 2 Beardev, Wordpress | 2 Joomsport, Wordpress | 2025-10-06 | 9.8 Critical |
| The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.7.3 via the task parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-9993 | 2 D3rd4v1d, Wordpress | 2 Bei Fen, Wordpress | 2025-10-02 | 8.1 High |
| The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. This only affects instances running PHP 7.1 or older. | ||||
| CVE-2025-9991 | 2 Migli, Wordpress | 2 Tiny Bootstrap Elements Light, Wordpress | 2025-10-02 | 8.1 High |
| The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-60150 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe to Download allows PHP Local File Inclusion. This issue affects Subscribe to Download: from n/a through 2.0.9. | ||||
| CVE-2025-60153 | 1 Wordpress | 1 Wordpress | 2025-09-29 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpshuffle Subscribe To Unlock allows PHP Local File Inclusion. This issue affects Subscribe To Unlock: from n/a through 1.1.5. | ||||
| CVE-2025-60126 | 2 Pluginops, Wordpress | 2 Testimonial Slider, Wordpress | 2025-09-29 | 8.8 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through 3.5.8.6. | ||||
| CVE-2024-53800 | 1 Rezgo | 1 Rezgo Online Booking | 2025-09-26 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15. | ||||
| CVE-2025-57925 | 1 Wordpress | 1 Wordpress | 2025-09-24 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in immonex immonex Kickstart Team allows PHP Local File Inclusion. This issue affects immonex Kickstart Team: from n/a through 1.6.9. | ||||
| CVE-2025-53450 | 1 Wordpress | 1 Wordpress | 2025-09-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP allows PHP Local File Inclusion. This issue affects Easy Pricing Table WP: from n/a through 1.1.3. | ||||
| CVE-2025-59588 | 2 Pencidesign, Wordpress | 2 Soledad, Wordpress | 2025-09-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad allows PHP Local File Inclusion. This issue affects Soledad: from n/a through 8.6.8. | ||||
| CVE-2025-58973 | 2 Hashthemes, Wordpress | 2 Easy Elementor Addons, Wordpress | 2025-09-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hashthemes Easy Elementor Addons allows PHP Local File Inclusion. This issue affects Easy Elementor Addons: from n/a through 2.2.8. | ||||
| CVE-2025-10143 | 1 Wordpress | 1 Wordpress | 2025-09-17 | 7.5 High |
| The Catch Dark Mode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0 via the 'catch_dark_mode' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-10269 | 1 Wordpress | 1 Wordpress | 2025-09-15 | 7.5 High |
| The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-9874 | 2 Webcodingplace, Wordpress | 2 Ultimate Classified Listings, Wordpress | 2025-09-12 | 7.5 High |
| The Ultimate Classified Listings plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6 via the 'uclwp_dashboard' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. | ||||
| CVE-2025-47695 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7. | ||||
| CVE-2025-47571 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder. This issue affects Super Store Finder: from n/a through 6.9.7. | ||||
| CVE-2025-58215 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through n/a. | ||||
| CVE-2025-54709 | 1 Wordpress | 1 Wordpress | 2025-09-11 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. | ||||
| CVE-2025-58206 | 1 Wordpress | 1 Wordpress | 2025-09-07 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach allows PHP Local File Inclusion. This issue affects MaxCoach: from n/a through 3.2.5. | ||||