Filtered by CWE-98

Search

Switch to Advanced Search (Beta)
Total 1113 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-48136 1 Estatik 1 Mortgage Calculator 2026-04-01 8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows PHP Local File Inclusion.This issue affects Mortgage Calculator Estatik: from n/a through <= 2.0.12.
CVE-2025-48126 1 G5plus 1 Essential Real Estate 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.2.9.
CVE-2025-47531 1 Xylusthemes 1 Xt Event Widget For Social Events 2026-04-01 8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events allows PHP Local File Inclusion.This issue affects XT Event Widget for Social Events: from n/a through <= 1.1.7.
CVE-2025-47453 1 Xylusthemes 1 Wp Smart Import 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import wp-smart-import allows PHP Local File Inclusion.This issue affects WP Smart Import: from n/a through <= 1.1.3.
CVE-2025-47438 1 Wpjobportal 1 Wp Job Portal 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal wp-job-portal allows PHP Local File Inclusion.This issue affects WP Job Portal: from n/a through <= 2.3.1.
CVE-2025-39584 1 Themewinter 1 Eventin 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.0.25.
CVE-2025-39507 1 Nasatheme 1 Nasa Core 2026-04-01 8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core nasa-core allows PHP Local File Inclusion.This issue affects Nasa Core: from n/a through < 6.4.4.
CVE-2025-39494 1 Qodeinteractive 1 Wilmer 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2.
CVE-2025-39490 2 Qodeinteractive, Wordpress 2 Backpack Traveler, Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2.
CVE-2025-39458 1 Qodeinteractive 1 Foton 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2.
CVE-2025-32925 1 Fantasticplugins 1 Sumo Reward Points 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points: from n/a through <= 30.7.0.
CVE-2025-32627 1 Joomsky 1 Js Job Manager 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-32519 2 Themeatelier, Wordpress 2 Idonate, Wordpress 2026-04-01 9.8 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affects IDonate: from n/a through <= 2.1.18.
CVE-2025-32309 1 Thememove 1 Healsoul 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3.
CVE-2025-32158 1 Athemes 1 Athemes Addons For Elementor 2026-04-01 8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite.This issue affects aThemes Addons for Elementor: from n/a through <= 1.1.3.
CVE-2025-32154 1 Catchthemes 1 Catch Dark Mode 2026-04-01 8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through <= 2.0.1.
CVE-2025-32151 2 Themekraft, Wordpress 2 Buddyforms, Wordpress 2026-04-01 8.8 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through <= 2.9.0.
CVE-2025-32146 2 Joomsky, Wordpress 2 Js Job Manager, Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2.
CVE-2025-30901 2 Joomsky, Wordpress 2 Js Help Desk, Wordpress 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion.This issue affects JS Help Desk: from n/a through <= 2.9.2.
CVE-2025-30871 1 Wptravelengine 1 Wp Travel Engine 2026-04-01 N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through <= 6.3.5.