VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-02-21
CVE-2024-13353
The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets.
network
low complexity
CWE-98
8.8
8.8
2025-02-19
CVE-2024-13592
The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode.
network
high complexity
CWE-98
7.5
7.5
2025-02-03
CVE-2024-12859
The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute.
network
low complexity
CWE-98
8.8
8.8
2025-02-01
CVE-2025-0366
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function.
network
low complexity
CWE-98
8.8
8.8
2025-01-25
CVE-2025-0682
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute.
network
low complexity
CWE-98
8.8
8.8
2025-01-24
CVE-2024-45077
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system.
network
low complexity
CWE-98
6.5
6.5
2024-12-25
CVE-2024-12272
The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets.
network
low complexity
CWE-98
8.8
8.8
2024-12-20
CVE-2024-12571
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter.
network
low complexity
CWE-98
critical
9.8
9.8
2024-12-12
CVE-2024-12040
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode.
network
low complexity
CWE-98
8.8
8.8
2024-10-29
CVE-2024-10436
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function.
network
low complexity
CWE-98
8.8
8.8
«
1
(current)
2
»
Next