Vulnerabilities > Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-16 | CVE-2025-48136 | PHP Remote File Inclusion vulnerability in Estatik Mortgage Calculator Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. | 8.8 |
| 2025-04-26 | CVE-2025-2101 | The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. | 8.1 |
| 2025-04-10 | CVE-2025-32158 | PHP Remote File Inclusion vulnerability in Athemes Addons for Elementor Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. | 8.8 |
| 2025-04-01 | CVE-2025-30849 | PHP Remote File Inclusion vulnerability in G5Plus Essential Real Estate Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. | 9.8 |
| 2025-04-01 | CVE-2025-30870 | PHP Remote File Inclusion vulnerability in Wptravelengine WP Travel Engine Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. | 9.8 |
| 2025-03-19 | CVE-2024-13790 | The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. | 9.8 |
| 2025-03-18 | CVE-2024-12563 | The s2Member Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 250214 via the 'template' attribute. | 8.8 |
| 2025-03-15 | CVE-2025-1771 | PHP Remote File Inclusion vulnerability in Shinecommerce Traveler The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. | 9.8 |
| 2025-03-11 | CVE-2025-1707 | The Review Schema plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.4 via post meta. | 8.8 |
| 2025-02-28 | CVE-2024-9193 | PHP Remote File Inclusion vulnerability in Whmpress Whmcs 6.3 The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. | 9.8 |