Vulnerabilities > Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

DATE CVE VULNERABILITY TITLE RISK
2025-03-19 CVE-2024-13790 The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter.
network
low complexity
CWE-98
critical
 9.8
9.8
2025-03-18 CVE-2024-12563 The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute.
network
low complexity
CWE-98
8.8
8.8
2025-03-15 CVE-2025-1771 PHP Remote File Inclusion vulnerability in Shinecommerce Traveler
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter.
network
low complexity
shinecommerce CWE-98
critical
 9.8
9.8
2025-03-11 CVE-2025-1707 The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta.
network
low complexity
CWE-98
8.8
8.8
2025-02-28 CVE-2024-9193 PHP Remote File Inclusion vulnerability in Whmpress Whmcs 6.3
The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function.
network
low complexity
whmpress CWE-98
critical
 9.8
9.8
2025-02-28 CVE-2024-12811 The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute.
network
low complexity
CWE-98
8.8
8.8
2025-02-19 CVE-2024-13592 The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode.
network
high complexity
CWE-98
7.5
7.5
2025-02-03 CVE-2024-12859 The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute.
network
low complexity
CWE-98
8.8
8.8
2025-01-27 CVE-2025-24782 PHP Remote File Inclusion vulnerability in Wpwax Post Grid, Slider & Carousel Ultimate
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion.
network
low complexity
wpwax CWE-98
8.8
8.8
2025-01-25 CVE-2025-0682 The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute.
network
low complexity
CWE-98
8.8
8.8