CWE-98— PHP Remote File Inclusion
861 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-98page 15 of 18
- CVE-2025-64364HIGHCVSS 7.5EG 7.52025-10-31
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a throug…
- CVE-2025-64373HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in shinetheme Traveler traveler allows PHP Local File Inclusion.This issue affects Traveler: from n/a through < 3.2.6.
- CVE-2025-64377HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CridioStudio ListingPro listingpro allows PHP Local File Inclusion.This issue affects ListingPro: from n/a through < 2…
- CVE-2025-64714MEDIUMCVSS 5.8EG 5.82025-11-13
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselect…
- CVE-2025-65656CRITICALCVSS 9.8EG 9.82025-12-02
dcat-admin v2.2.3-beta and before is vulnerable to file inclusion in admin/src/Extend/VersionManager.php.
- CVE-2025-66115MEDIUMCVSS 6.6EG 6.62025-11-21
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MatrixAddons Easy Invoice easy-invoice allows PHP Local File Inclusion.This issue affects Easy Invoice: from n/a throu…
- CVE-2025-6746HIGHCVSS 8.8EG 8.82025-07-08
The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to…
- CVE-2025-67515HIGHCVSS 8.8EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5.
- CVE-2025-67521HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Select Core select-core allows PHP Local File Inclusion.This issue affects Select Core: from n/a through…
- CVE-2025-67522HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster noo-jobmonster allows PHP Local File Inclusion.This issue affects Jobmonster: from n/a through <= …
- CVE-2025-67523HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Exhibz exhibz allows PHP Local File Inclusion.This issue affects Exhibz: from n/a through <= 3.0.9.
- CVE-2025-67524HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NooTheme Jobmonster Elementor Addon jobmonster-addon allows PHP Local File Inclusion.This issue affects Jobmonster Ele…
- CVE-2025-67525HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP ekommart ekommart allows PHP Local File Inclusion.This issue affects ekommart: from n/a through < 4.3.1.
- CVE-2025-67526HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Sailing sailing allows PHP Local File Inclusion.This issue affects Sailing: from n/a through < 4.4.6.
- CVE-2025-67527HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Digiqole digiqole allows PHP Local File Inclusion.This issue affects Digiqole: from n/a through < 2.2.7.
- CVE-2025-67528HIGHCVSS 7.5EG 5.12025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12.
- CVE-2025-67529HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opal_WP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through < 5.3.0.
- CVE-2025-67530HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.
- CVE-2025-67531HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in trippleS Turitor turitor allows PHP Local File Inclusion.This issue affects Turitor: from n/a through < 1.5.3.
- CVE-2025-67532HIGHCVSS 7.5EG 9.82025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17.
- CVE-2025-67615HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Myour myour allows PHP Local File Inclusion.This issue affects Myour: from n/a through <= 1.5.1.
- CVE-2025-67616HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion.This issue affects Mella: from n/a through <= 1.2.29.
- CVE-2025-67920HIGHCVSS 8.1EG 9.82026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion.This issue affects Neo Ocular: from n/a through < 1…
- CVE-2025-67925HIGHCVSS 7.5EG 8.12026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through <= 2.0.
- CVE-2025-67934HIGHCVSS 8.1EG 8.12026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < …
- CVE-2025-67935HIGHCVSS 8.1EG 8.12026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4.
- CVE-2025-67936HIGHCVSS 8.1EG 8.12026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3.
- CVE-2025-67937HIGHCVSS 8.1EG 8.12026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7.
- CVE-2025-67938HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Biagiotti biagiotti allows PHP Local File Inclusion.This issue affects Biagiotti: from n/a through < 3.5…
- CVE-2025-67940HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Powerlift powerlift allows PHP Local File Inclusion.This issue affects Powerlift: from n/a through < 3.2…
- CVE-2025-67941HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle theaisle allows PHP Local File Inclusion.This issue affects The Aisle: from n/a through < 2.9.…
- CVE-2025-67946HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.1…
- CVE-2025-67955HIGHCVSS 7.5EG 7.52026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP MyHome Core myhome-core allows PHP Local File Inclusion.This issue affects MyHome Core: from n/a through <=…
- CVE-2025-67957HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TangibleWP Listivo Core listivo-core allows PHP Local File Inclusion.This issue affects Listivo Core: from n/a through…
- CVE-2025-68061HIGHCVSS 7.5EG 7.52025-12-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7.
- CVE-2025-68062HIGHCVSS 7.5EG 7.52025-12-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.
- CVE-2025-68065HIGHCVSS 7.5EG 7.52025-12-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core allows PHP Local File Inclusion. This issue affects Hub Core: from n/a before 6.0.2.
- CVE-2025-68066HIGHCVSS 7.5EG 7.52025-12-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PenciDesign Soledad soledad allows PHP Local File Inclusion.This issue affects Soledad: from n/a through <= 8.7.0.
- CVE-2025-68067HIGHCVSS 7.5EG 7.52025-12-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/…
- CVE-2025-68068HIGHCVSS 7.5EG 7.52025-12-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through <= 9.…
- CVE-2025-68506HIGHCVSS 8.1EG 9.82025-12-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a thro…
- CVE-2025-68510HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through < …
- CVE-2025-68530HIGHCVSS 7.5EG 9.82025-12-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Bookory bookory allows PHP Local File Inclusion.This issue affects Bookory: from n/a through <= 2.2.7.
- CVE-2025-68537HIGHCVSS 7.5EG 9.82025-12-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.
- CVE-2025-68540HIGHCVSS 7.5EG 9.82025-12-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35.
- CVE-2025-68544HIGHCVSS 7.5EG 7.52025-12-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.15.
- CVE-2025-68546HIGHCVSS 7.5EG 7.52025-12-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.14.
- CVE-2025-68560HIGHCVSS 7.5EG 7.52025-12-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor.This issue affects TheGem Theme Elements (…
- CVE-2025-68563HIGHCVSS 7.5EG 9.82025-12-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Unlock Lite subscribe-to-unlock-lite allows PHP Local File Inclusion.This issue affects Subscr…
- CVE-2025-68645HIGHCVSS 8.8EG 9.0⚠ KEV2025-12-22
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote a…
Map vulnerabilities like CWE-98 to your infrastructure
EchelonGraph correlates every CVE — across CWE-98 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →