CWE-98: PHP Remote File Inclusion
861 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-98 (page 3 of 18)
- CVE-2024-3813 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-15
The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, …
- CVE-2024-3849 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-02
The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and ex…
- CVE-2024-38735 | HIGH | CVSS 7.5 | EG 7.5 | 2024-07-12
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Event post event-post. This issue affects Event post: from n/a through <= 5.9.5.
- CVE-2024-40112 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-06-02
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerabili…
- CVE-2024-41925 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-10-03
The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.
- CVE-2024-4258 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-06-15
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticate…
- CVE-2024-43261 | CRITICAL | CVSS 9.6 | EG 9.6 | 2024-08-19
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion. This issue affects Compute Links: from n/a through 1.2.1.
- CVE-2024-4359 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-08-12
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 5.7.2 via the SVG widget and a lac…
- CVE-2024-44023 | HIGH | CVSS 8.1 | EG 8.1 | 2024-10-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in abcapp ABCApp Creator abcapp-creator. This issue affects ABCApp Creator: from n/a through <= 1.1.2.
- CVE-2024-44048 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-09-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate. This issue…
- CVE-2024-4441 | HIGH | CVSS 8.1 | EG 8.1 | 2024-05-14
The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbi…
- CVE-2024-45077 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-01-24
IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if…
- CVE-2024-4551 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-06-15
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated at…
- CVE-2024-4670 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-15
The All-in-One Video Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.5 via the aiovg_search_form shortcode. This makes it possible for authenticated attackers, with contributor-l…
- CVE-2024-47323 | HIGH | CVSS 8.1 | EG 8.1 | 2024-10-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines. This issue affects WP Timeline – Vert…
- CVE-2024-48029 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion. This issue affects SB Rand…
- CVE-2024-4887 | HIGH | CVSS 7.5 | EG 7.5 | 2024-06-07
The Qi Addons For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possib…
- CVE-2024-49243 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ramjon27 Dynamic Elementor Addons dynamic-elementor-addons allows PHP Local File Inclusion. This issue affects Dynamic …
- CVE-2024-49251 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Acnoo Maan Addons For Elementor maan-elementor-addons allows Local Code Inclusion. This issue affects Maan Addons For E…
- CVE-2024-49317 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion. This issue affects Point Maker: from n/a through <= 0.1…
- CVE-2024-4936 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-06-14
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, result…
- CVE-2024-49649 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-01-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion. This issue affects Build App Online: from…
- CVE-2024-49690 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qi Blocks qi-blocks. This issue affects Qi Blocks: from n/a through <= 1.3.2.
- CVE-2024-49701 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Mags mags. This issue affects Mags: from n/a through <= 1.1.6.
- CVE-2024-50434 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse NewsCard newscard. This issue affects NewsCard: from n/a through <= 1.3.
- CVE-2024-50435 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Meta News meta-news. This issue affects Meta News: from n/a through <= 1.1.7.
- CVE-2024-50436 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehorse Clean Retina clean-retina. This issue affects Clean Retina: from n/a through <= 3.0.6.
- CVE-2024-50457 | HIGH | CVSS 7.5 | EG 7.5 | 2024-10-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Qode Qode Essential Addons qode-essential-addons. This issue affects Qode Essential Addons: from n/a through <= 1.6.3.
- CVE-2024-50497 | HIGH | CVSS 8.1 | EG 8.1 | 2024-10-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wdesco Advanced Online Ordering and Delivery Platform advanced-online-ordering-and-delivery-platform allows PHP Local …
- CVE-2024-51319 | HIGH | CVSS 7.3 | EG 7.3 | 2025-03-11
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.
- CVE-2024-51541 | HIGH | CVSS 8.2 | EG 8.2 | 2024-12-05
Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
- CVE-2024-52381 | HIGH | CVSS 8.1 | EG 8.1 | 2024-11-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART zij-kart allows PHP Local File Inclusion. This issue affects ZIJ KART: from n/a through <= 1.1.
- CVE-2024-52385 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpmart Team Member team-showcase-supreme. This issue affects Team Member: from n/a through <= 7.4.
- CVE-2024-52386 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-11-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion. This issue affects Classified Listin…
- CVE-2024-52428 | HIGH | CVSS 8.1 | EG 8.1 | 2024-11-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Peter Ads Booster by Ads Pro free-wp-booster-by-ads-pro allows PHP Local File Inclusion. This issue affects Ads Booster…
- CVE-2024-52450 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in officialprocoders nBlocks nblocks allows PHP Local File Inclusion. This issue affects nBlocks: from n/a through <= 1.0.…
- CVE-2024-52496 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Local Code Inclusion. This issue affects Absolute …
- CVE-2024-52497 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready shopready-elementor-addon allows PHP Local File Inclusion. This issue affects Shopready: from n/a…
- CVE-2024-52499 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ibrahim Pricing table addon for elementor pricing-table-addon-for-elementor allows PHP Local File Inclusion. This issue…
- CVE-2024-52501 | HIGH | CVSS 7.5 | EG 7.5 | 2024-11-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebbyTemplate Office Locator office-locator. This issue affects Office Locator: from n/a through <= 1.3.0.
- CVE-2024-5345 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-31
The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor…
- CVE-2024-5348 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-01
The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the even…
- CVE-2024-53739 | HIGH | CVSS 8.1 | EG 8.1 | 2024-11-30
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor cryptocurrency-widgets-for-elementor allows PHP Local File Inclusion…
- CVE-2024-53800 | HIGH | CVSS 8.1 | EG 8.1 | 2025-01-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in rezgo Rezgo rezgo allows PHP Local File Inclusion. This issue affects Rezgo: from n/a through <= 4.17.
- CVE-2024-53824 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in all_bootstrap_blocks All Bootstrap Blocks all-bootstrap-blocks allows PHP Local File Inclusion. This issue affects All …
- CVE-2024-54225 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion. This issue affects Designer: from n/a through <= 1.4.…
- CVE-2024-54263 | HIGH | CVSS 7.5 | EG 7.5 | 2026-02-02
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework allows PHP Local File Inclusion. This issue affects Spirit Framework: from n/a through 1.2.13.
- CVE-2024-54270 | HIGH | CVSS 8.1 | EG 8.1 | 2024-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axeptio Axeptio axeptio-sdk-integration allows PHP Local File Inclusion. This issue affects Axeptio: from n/a through <…
- CVE-2024-5431 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-25
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.25 via the reservation_extra_field shortc…
- CVE-2024-54376 | HIGH | CVSS 7.5 | EG 7.5 | 2024-12-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider Themes EazyDocs eazydocs allows PHP Local File Inclusion. This issue affects EazyDocs: from n/a through <= 2.8.0.