Total
328 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4380 | 2025-07-03 | N/A | 8.1 HIGH | ||
| The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases .php files can can be uploaded and included, or already exist on the site. | |||||
| CVE-2025-4689 | 2025-07-03 | N/A | 9.8 CRITICAL | ||
| The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up to, and including, 4.89. This is due to the presence of a SQL Injection vulnerability and Local File Inclusion vulnerability that can be chained with an image upload. This makes it possible for unauthenticated attackers to execute code on the server upload image files on the server than can be fetched via a SQL injection vulnerability, and ultimately executed as PHP code through the local file inclusion vulnerability. | |||||
| CVE-2025-48126 | 1 G5plus | 1 Essential Real Estate | 2025-07-02 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1. | |||||
| CVE-2025-49416 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fastw3b LLC FW Gallery allows PHP Local File Inclusion. This issue affects FW Gallery: from n/a through 8.0.0. | |||||
| CVE-2025-52723 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codesupplyco Networker allows PHP Local File Inclusion. This issue affects Networker: from n/a through 1.2.0. | |||||
| CVE-2025-49886 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab Zikzag Core allows PHP Local File Inclusion. This issue affects Zikzag Core: from n/a through 1.4.5. | |||||
| CVE-2025-28990 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme SNS Vicky allows PHP Local File Inclusion. This issue affects SNS Vicky: from n/a through 3.7. | |||||
| CVE-2025-52808 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in real-web RealtyElite allows PHP Local File Inclusion. This issue affects RealtyElite: from n/a through 1.0.0. | |||||
| CVE-2025-53281 | 2025-06-30 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPBean WPB Category Slider for WooCommerce allows PHP Local File Inclusion. This issue affects WPB Category Slider for WooCommerce: from n/a through 1.71. | |||||
| CVE-2025-53257 | 2025-06-30 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery allows PHP Local File Inclusion. This issue affects Gmedia Photo Gallery: from n/a through 1.23.0. | |||||
| CVE-2025-24760 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass allows PHP Local File Inclusion. This issue affects Sofass: from n/a through 1.3.4. | |||||
| CVE-2025-52816 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita allows PHP Local File Inclusion. This issue affects Zita: from n/a through 1.6.5. | |||||
| CVE-2025-24769 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny allows PHP Local File Inclusion. This issue affects Zenny: from n/a through 1.7.5. | |||||
| CVE-2025-52809 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts allows PHP Local File Inclusion. This issue affects National Weather Service Alerts: from n/a through 1.3.5. | |||||
| CVE-2025-28998 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in serpednet SERPed.net allows PHP Local File Inclusion. This issue affects SERPed.net: from n/a through 4.6. | |||||
| CVE-2025-32298 | 2025-06-30 | N/A | 7.5 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers allows PHP Local File Inclusion. This issue affects CTUsers: from n/a through 1.0.0. | |||||
| CVE-2025-52729 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through 1.3.9. | |||||
| CVE-2025-52812 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Domnoo allows PHP Local File Inclusion. This issue affects Domnoo: from n/a through 1.49. | |||||
| CVE-2025-49883 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart allows PHP Local File Inclusion. This issue affects Greenmart: from n/a through 4.2.3. | |||||
| CVE-2025-28946 | 2025-06-30 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme PrintXtore allows PHP Local File Inclusion. This issue affects PrintXtore: from n/a through 1.7.5. | |||||