Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13408

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-24 Jan, 2025 | 11:07
Updated At-27 Jan, 2025 | 14:55
Rejected At-
Credits

Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:24 Jan, 2025 | 11:07
Updated At:27 Jan, 2025 | 14:55
Rejected At:
▼CVE Numbering Authority (CNA)
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.

Affected Products
Vendor
wpwax
Product
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget
Default Status
unaffected
Versions
Affected
  • From * through 1.6.10 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-98CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Type: CWE
CWE ID: CWE-98
Description: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Djaidja Moundjid
Timeline
EventDate
Disclosed2025-01-23 00:00:00
Event: Disclosed
Date: 2025-01-23 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff346465-62c2-4a2b-8a4a-c88558d7cabd?source=cve
N/A
https://plugins.trac.wordpress.org/changeset/3227281/post-grid-carousel-ultimate/tags/1.7/includes/classes/shortcode.php
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/ff346465-62c2-4a2b-8a4a-c88558d7cabd?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3227281/post-grid-carousel-ultimate/tags/1.7/includes/classes/shortcode.php
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:24 Jan, 2025 | 11:15
Updated At:05 Feb, 2025 | 01:37

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
pickplugins
pickplugins
>>post_grid>>Versions before 1.7(exclusive)
cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-98Secondarysecurity@wordfence.com
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: CWE-98
Type: Secondary
Source: security@wordfence.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset/3227281/post-grid-carousel-ultimate/tags/1.7/includes/classes/shortcode.phpsecurity@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff346465-62c2-4a2b-8a4a-c88558d7cabd?source=cvesecurity@wordfence.com
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset/3227281/post-grid-carousel-ultimate/tags/1.7/includes/classes/shortcode.php
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/ff346465-62c2-4a2b-8a4a-c88558d7cabd?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

145Records found
CVE-2025-53210
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.88%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks allows PHP Local File Inclusion. This issue affects ZoloBlocks: from n/a through 2.3.2.

Action-Not Available
Vendor-BdThemes
Product-ZoloBlocks
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-53339
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.69%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-30 Jun, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. This issue affects Devnex Addons For Elementor: from n/a through 1.0.9.

Action-Not Available
Vendor-devnex
Product-Devnex Addons For Elementor
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-52715
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG+0.02%
Published-20 Jun, 2025 | 15:03
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Classified Listing plugin <= 4.2.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 4.2.0.

Action-Not Available
Vendor-RadiusTheme
Product-Classified Listing
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-52708
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG+0.02%
Published-20 Jun, 2025 | 15:03
Updated-23 Jun, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY allows PHP Local File Inclusion. This issue affects HUSKY: from n/a through 1.3.7.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-HUSKY
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-52806
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.88%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:33
Updated-14 Aug, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JobSearch Plugin <= 2.9.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in eyecix JobSearch allows PHP Local File Inclusion. This issue affects JobSearch: from n/a through 2.9.0.

Action-Not Available
Vendor-eyecix
Product-JobSearch
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-49308
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Travel Engine <= 6.5.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.5.1.

Action-Not Available
Vendor-WP Travel Engine
Product-WP Travel Engine
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-49307
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Multilang <= 2.4.19 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magazine3 WP Multilang allows PHP Local File Inclusion. This issue affects WP Multilang: from n/a through 2.4.19.

Action-Not Available
Vendor-Mohammed & Ahmed Kaludi (Magazine3)
Product-WP Multilang
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-49313
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 12:53
Updated-06 Jun, 2025 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BRW <= 1.8.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW allows PHP Local File Inclusion. This issue affects BRW: from n/a through 1.8.6.

Action-Not Available
Vendor-ovatheme
Product-BRW
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-49070
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.69%
||
7 Day CHG~0.00%
Published-04 Jul, 2025 | 11:17
Updated-08 Jul, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi allows PHP Local File Inclusion. This issue affects Elessi: from n/a through n/a.

Action-Not Available
Vendor-NasaTheme
Product-Elessi
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Recall <= 16.26.14 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14.

Action-Not Available
Vendor-tggfref
Product-WP-Recall
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-48136
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-30 May, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mortgage Calculator Estatik <= 2.0.12 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.

Action-Not Available
Vendor-estatikEstatik
Product-mortgage_calculatorMortgage Calculator Estatik
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47693
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-19 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fat Services Booking plugin <= 5.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking allows PHP Local File Inclusion. This issue affects FAT Services Booking: from n/a through 5.5.

Action-Not Available
Vendor-roninwp
Product-FAT Services Booking
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-48302
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.88%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine allows PHP Local File Inclusion. This issue affects FundEngine: from n/a through 1.7.4.

Action-Not Available
Vendor-Roxnor
Product-FundEngine
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47576
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:23
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme.This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5.

Action-Not Available
Vendor-Bringthepixel
Product-Bimber - Viral Magazine WordPress Theme
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47510
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Display Eventbrite Events < 6.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fullworks Display Eventbrite Events allows PHP Local File Inclusion. This issue affects Display Eventbrite Events: from n/a through n/a.

Action-Not Available
Vendor-fullworks
Product-Display Eventbrite Events
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47572
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG+0.02%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0.

Action-Not Available
Vendor-mojoomla
Product-School Management
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-13592
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.17% / 39.20%
||
7 Day CHG~0.00%
Published-19 Feb, 2025 | 07:32
Updated-24 May, 2025 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Local File Inclusion

The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Action-Not Available
Vendor-webdevoceanlabibahmed42
Product-team-builder-for-wpbakery-page-builderTeam Builder For WPBakery Page Builder(Formerly Visual Composer)
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47508
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GamiPress <= 7.3.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress allows PHP Local File Inclusion. This issue affects GamiPress: from n/a through 7.3.7.

Action-Not Available
Vendor-Ruben Garcia
Product-GamiPress
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-53824
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.02%
||
7 Day CHG+0.03%
Published-06 Dec, 2024 | 13:05
Updated-06 Dec, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress All Bootstrap Blocks plugin <= 1.3.20 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19.

Action-Not Available
Vendor-areoiAREOI
Product-All Bootstrap Blocksall_bootstrap_blocks
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47496
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PublishPress Authors <= 4.7.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress PublishPress Authors allows PHP Local File Inclusion. This issue affects PublishPress Authors: from n/a through 4.7.5.

Action-Not Available
Vendor-PublishPress
Product-PublishPress Authors
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Monitor <= 5.0.22 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Chill Download Monitor allows PHP Local File Inclusion. This issue affects Download Monitor: from n/a through 5.0.22.

Action-Not Available
Vendor-WP Chill
Product-Download Monitor
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47494
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventON <= 2.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.4.1.

Action-Not Available
Vendor-Ashan Perera
Product-EventON
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-12859
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.96%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 19:22
Updated-03 Feb, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

Action-Not Available
Vendor-PX-lab
Product-BoomBox Theme Extensions
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-52496
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.11%
||
7 Day CHG~0.00%
Published-28 Nov, 2024 | 10:41
Updated-29 Nov, 2024 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14.

Action-Not Available
Vendor-AbsolutePlugins
Product-Absolute Addons For Elementorabsolute_addons_for_elementor
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-11429
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.54%
||
7 Day CHG+0.01%
Published-05 Dec, 2024 | 05:26
Updated-05 Dec, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion

The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.

Action-Not Available
Vendor-galdubpremio
Product-Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonialstestimonials
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47498
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hotel Booking <= 3.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking allows PHP Local File Inclusion. This issue affects Hotel Booking: from n/a through 3.6.

Action-Not Available
Vendor-nicdark
Product-Hotel Booking
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-46230
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG+0.05%
Published-24 Apr, 2025 | 16:08
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Popup Builder <= 1.1.35 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GhozyLab Popup Builder allows PHP Local File Inclusion. This issue affects Popup Builder: from n/a through 1.1.35.

Action-Not Available
Vendor-GhozyLab
Product-Popup Builder
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47531
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:20
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XT Event Widget for Social Events <= 1.1.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events allows PHP Local File Inclusion. This issue affects XT Event Widget for Social Events: from n/a through 1.1.7.

Action-Not Available
Vendor-Xylus Themes
Product-XT Event Widget for Social Events
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-47440
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-08 May, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPAdverts <= 2.2.2 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Greg Winiarski WPAdverts allows PHP Local File Inclusion. This issue affects WPAdverts: from n/a through 2.2.2.

Action-Not Available
Vendor-Greg Winiarski
Product-WPAdverts
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-52450
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.55% / 67.02%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 11:29
Updated-20 Nov, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress nBlocks plugin <= 1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Official pro coders nBlocks allows PHP Local File Inclusion.This issue affects nBlocks: from n/a through 1.0.2.

Action-Not Available
Vendor-Official pro codersofficial_pro_coders
Product-nBlocksnblocks
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2024-10873
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.60% / 68.39%
||
7 Day CHG~0.00%
Published-23 Nov, 2024 | 04:32
Updated-12 Jul, 2025 | 00:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Action-Not Available
Vendor-la-studiowebchoijunlastudio
Product-element_kit_for_elementorLA-Studio Element Kit for Elementorla-studio_element_kit_for_elementor
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39452
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:15
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter WPCafe allows PHP Local File Inclusion. This issue affects WPCafe: from n/a through 2.2.32.

Action-Not Available
Vendor-Themewinter
Product-WPCafe
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39570
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-16 Apr, 2025 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPCOM Member <= 1.7.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member allows PHP Local File Inclusion. This issue affects WPCOM Member: from n/a through 1.7.7.

Action-Not Available
Vendor-Lomu
Product-WPCOM Member
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39507
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-16 May, 2025 | 15:45
Updated-06 Jun, 2025 | 22:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.

Action-Not Available
Vendor-NasaTheme
Product-nasa_coreNasa Core
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39592
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-16 Apr, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Subscribe to Unlock Lite <= 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite allows PHP Local File Inclusion. This issue affects Subscribe to Unlock Lite: from n/a through 1.3.0.

Action-Not Available
Vendor-WP Shuffle
Product-Subscribe to Unlock Lite
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39396
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 17:15
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetReviews plugin <= 2.3.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews allows PHP Local File Inclusion.This issue affects JetReviews: from n/a through 2.3.6.

Action-Not Available
Vendor-Crocoblock
Product-JetReviews
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39364
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.73%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:28
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Product Category Slider for WooCommerce: from n/a through 4.3.4.

Action-Not Available
Vendor-PluginEver
Product-Product Category Slider for WooCommerce
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-39584
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:44
Updated-12 Aug, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Eventin <= 4.0.25 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.

Action-Not Available
Vendor-themewinterThemewinter
Product-eventinEventin
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32692
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:09
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. This issue affects WP Subscription Forms: from n/a through 1.2.4.

Action-Not Available
Vendor-WP Shuffle
Product-WP Subscription Forms
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32157
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jakub Glos Sparkle Elementor Kit allows PHP Local File Inclusion. This issue affects Sparkle Elementor Kit: from n/a through 2.0.9.

Action-Not Available
Vendor-Jakub Glos
Product-Sparkle Elementor Kit
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-3703
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.88%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CSS & JavaScript Toolbox < 12.0.3 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox allows PHP Local File Inclusion. This issue affects CSS & JavaScript Toolbox: from n/a through n/a.

Action-Not Available
Vendor-wipeoutmedia
Product-CSS & JavaScript Toolbox
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32152
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-13 May, 2025 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Slider a SlidersPack Plugin <= 2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugins by WP OnlineSupport Slider a SlidersPack allows PHP Local File Inclusion. This issue affects Slider a SlidersPack: from n/a through 2.3.

Action-Not Available
Vendor-Essential Plugins by WP OnlineSupport
Product-Slider a SlidersPack
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32160
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 08:09
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON. This issue affects EventON: from n/a through 2.3.2.

Action-Not Available
Vendor-Ashan Perera
Product-EventON
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32158
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 08:09
Updated-29 May, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress aThemes Addons for Elementor plugin <= 1.0.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15.

Action-Not Available
Vendor-Pop Goes The Pixel Ltd. (aThemes)
Product-athemes_addons_for_elementoraThemes Addons for Elementor
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32141
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MasterStudy LMS plugin <= 3.5.23 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS allows PHP Local File Inclusion. This issue affects MasterStudy LMS: from n/a through 3.5.23.

Action-Not Available
Vendor-Stylemix
Product-MasterStudy LMS
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32151
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BuddyForms Plugin <= 2.8.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sven Lehnert BuddyForms allows PHP Local File Inclusion. This issue affects BuddyForms: from n/a through 2.8.15.

Action-Not Available
Vendor-Sven Lehnert
Product-BuddyForms
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32153
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VG WooCarousel plugin <= 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG WooCarousel allows PHP Local File Inclusion. This issue affects VG WooCarousel: from n/a through 1.3.

Action-Not Available
Vendor-vinagecko
Product-VG WooCarousel
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32159
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Radius Blocks plugin <= 2.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Radius Blocks allows PHP Local File Inclusion. This issue affects Radius Blocks: from n/a through 2.2.1.

Action-Not Available
Vendor-RadiusTheme
Product-Radius Blocks
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32155
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Beds24 Online Booking plugin <= 2.0.26 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in markkinchin Beds24 Online Booking allows PHP Local File Inclusion. This issue affects Beds24 Online Booking: from n/a through 2.0.26.

Action-Not Available
Vendor-markkinchin
Product-Beds24 Online Booking
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-32154
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 15:58
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Catch Dark Mode plugin <= 1.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode allows PHP Local File Inclusion. This issue affects Catch Dark Mode: from n/a through 1.2.1.

Action-Not Available
Vendor-Catch Themes
Product-Catch Dark Mode
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found