Catalogs
The service integrates the most popular public knowledge bases:
- SZI certificates - the State Register of Certified Information Security Tools (SZI, средства защиты информации) published by the Federal Service for Technical and Export Control (FSTEC). It can be used to check that the information security tools used in the organization are still current.
- CVE vulnerabilities - the public Common Vulnerabilities and Exposures (CVE) vulnerability database. The mission of the CVE program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE record for each vulnerability in the catalog. Vulnerabilities are discovered, then assigned and published by organizations around the world that partner with the CVE program. Partners publish CVE records to describe vulnerabilities consistently. Information technology and cybersecurity professionals use CVE records to make sure they are discussing the same issue and to coordinate their efforts to prioritize and remediate vulnerabilities.
- FSTEC BDU vulnerabilities - the Vulnerabilities section of the Data Bank of Information Security Threats (BDU), published by the Federal Service for Technical and Export Control jointly with the State Research and Testing Institute for Technical Information Protection Problems. One of the goals of creating the data bank of information security threats is to bring information security specialists together to improve the security of information systems.
- NKTsKI vulnerabilities - the public vulnerability database of the National Coordination Center for Computer Incidents (NKTsKI), which coordinates the activities of critical information infrastructure (CII) subjects in detecting, preventing and eliminating the consequences of computer attacks and in responding to computer incidents.
- MITRE ATT&CK - Adversarial Tactics, Techniques & Common Knowledge. This is MITRE's knowledge base, built on real-world observations, that describes the tactics, techniques and methods used by cybercriminals. The base was created in 2013 and is updated regularly; its goal is to build a structured matrix of the techniques cybercriminals use in order to simplify incident response.
- FSTEC BDU and New FSTEC BDU - the Threats section of the Threat Data Bank, published in 2015 by the Federal Service for Technical and Export Control and the State Research and Testing Institute for Technical Information Protection Problems. It is mandatory for threat modeling when building protection systems for personal data, critical information infrastructure and state information systems.
CVE, FSTEC BDU and NKTsKI
The CVE vulnerabilities, FSTEC BDU vulnerabilities and NKTsKI vulnerabilities catalogs provide additional content and enrich the vulnerability descriptions received from scanners in the Technical Vulnerabilities module.
The catalogs share an identical interface that contains the following blocks:
- Metrics:
  - Found vulnerabilities - shows the number of vulnerabilities found in scanner reports that are linked to vulnerabilities from the catalog; clicking the widget opens the Technical Vulnerabilities module with a filter set to the catalog name (filter type Vulnerability group);
  - Vulnerable hosts - shows the number of hosts on which vulnerabilities linked to vulnerabilities from the catalog were found; clicking the widget opens the Technical Vulnerabilities module with a filter set to the catalog name (filter type Vulnerability group).
- The Vulnerability catalog table section:
  - Filter on the Identifier field - the distinctive feature of this filter is that it parses text automatically and extracts the identifiers from it. To use it, paste arbitrary text containing identifiers into the field and add it to the filter with the plus button;
- A table with the following fields for the CVE and FSTEC BDU catalogs:
  - Identifier - the id of the vulnerability in the vulnerability database;
  - Description - a text description of the vulnerability;
  - Detected - a flag; this status is shown if the vulnerability was found in scan reports;
  - CVSS - the numeric score of the vulnerability according to the source, together with the date the vulnerability was identified by experts. The score is color-coded by CVSS band: 0.1 - 3.9 Low, green; 4.0 - 6.9 Medium, yellow; 7.0 - 8.9 High, orange; 9.0 - 10.0 Critical, red.
- A table with the following fields for the CVE catalogs:
  - Bulletin date - the publication date of the bulletin that contains the vulnerabilities;
  - Identifier - the id of the vulnerability in the vulnerability database;
  - Information - a text description of the vulnerability;
  - Attack vector - local or network attack vector;
  - Detected - a flag; this status is shown if the vulnerability was found in scan reports;
  - Update available - a flag; this status is shown if the vulnerability database contains information that the vendor of the vulnerable software has released updates;
  - Date identified - the date the vulnerability was identified by experts.
- The "Only detected vulnerabilities" checkbox - applies a filter to the table so that only detected vulnerabilities are shown.
- A function for exporting all vulnerabilities in the catalog.
- For the catalog, the Display options function is added:
  - Bulletins - switches the table to a registry of bulletins; it shows the total number of vulnerabilities in a bulletin in the Vulnerabilities in bulletin field and the detection status in the Detected field. This status is shown if at least one vulnerability from the bulletin was found in the infrastructure.
  - Vulnerabilities.
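An added Python example (not the service's own code) showing how the Identifier filter, the Detected flag, the "Only detected vulnerabilities" checkbox and the CVSS color bands described above can fit together. The regular expression follows the identifier formats visible in this page's tables; the function names, sample identifiers and scores are all constructed for illustration.

```python
import re

# Identifier shapes as they appear on this page: CVE-YYYY-NNNN (4+ digits)
# and BDU:YYYY-NNNNN (5 digits). The lookarounds stop matches inside longer tokens.
_ID_RE = re.compile(
    r"(?<![A-Za-z0-9])(?:(CVE)-(\d{4})-(\d{4,})|(BDU):(\d{4})-(\d{5}))(?!\d)",
    re.IGNORECASE,
)

# CVSS bands and colors exactly as listed in the catalog description.
CVSS_BANDS = (
    (9.0, "Critical", "red"),
    (7.0, "High", "orange"),
    (4.0, "Medium", "yellow"),
    (0.1, "Low", "green"),
)


def extract_identifiers(text):
    """Pull CVE/BDU identifiers out of free text, normalised and de-duplicated
    in order of first appearance."""
    found = {}
    for m in _ID_RE.finditer(text):
        if m.group(1):
            ident = f"CVE-{m.group(2)}-{m.group(3)}"
        else:
            ident = f"BDU:{m.group(5)}-{m.group(6)}"
        found.setdefault(ident, None)
    return list(found)


def cvss_band(score):
    """Map a CVSS score to (band, color); 0.0 has no band in the page's scale."""
    score = round(float(score), 1)
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for floor, name, color in CVSS_BANDS:
        if score >= floor:
            return name, color
    return None


def filter_catalog(text, catalog, detected_ids, only_detected=False):
    """Build table rows for identifiers pasted as free text.

    catalog      -- dict: identifier -> CVSS score (stand-in for a catalog)
    detected_ids -- identifiers present in scanner reports
    Returns (rows, unknown): rows for catalog hits, plus identifiers that
    were extracted from the text but are absent from the catalog.
    """
    rows, unknown = [], []
    for ident in extract_identifiers(text):
        if ident not in catalog:
            unknown.append(ident)
            continue
        detected = ident in detected_ids
        if only_detected and not detected:
            continue
        rows.append({
            "id": ident,
            "cvss": catalog[ident],
            "band": cvss_band(catalog[ident]),
            "detected": detected,
        })
    return rows, unknown


# Constructed sample input: placeholder identifiers and scores, not real records.
SAMPLE_TEXT = (
    "Ticket 17: scanner flagged cve-2099-0001 on web01; vendor note cites "
    "BDU:2099-00042 and CVE-2099-123456. Duplicate mention: CVE-2099-0001. "
    "Not identifiers: CVE-2099-12, BDU:2099-123, XCVE-2099-0007."
)
SAMPLE_CATALOG = {"CVE-2099-0001": 9.8, "BDU:2099-00042": 5.3, "CVE-2099-9999": 3.1}
SAMPLE_DETECTED = {"CVE-2099-0001"}

if __name__ == "__main__":
    rows, unknown = filter_catalog(SAMPLE_TEXT, SAMPLE_CATALOG, SAMPLE_DETECTED)
    for row in rows:
        print(row)
    print("not in catalog:", unknown)
```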
MITRE ATT&CK, FSTEC BDU, New FSTEC BDU
Data from the MITRE ATT&CK, FSTEC BDU and New FSTEC BDU catalogs can be used to give context to a risk in the Risks module.
Each of these catalogs is built on its own data schema, which does not match the risk assessment approach used in the service. At their core, however, these bases describe the same information security risks, each from its own angle. They are therefore added to the service both as separate components and as a basis for creating risks, threats or vulnerabilities.
Catalogs can be used in the service to:
- Simplify the process of defining risks, threats and vulnerabilities;
- Enrich the information on risks (threats, vulnerabilities) created in the service;
- Look at the company and its risk assessment through public threat catalogs.
The service lets you link objects from the catalogs to 3 types of service objects: threats, vulnerabilities or security risks:
- Vulnerabilities can be linked to FSTEC BDU threats, ATT&CK techniques and New FSTEC BDU implementation methods.
- Threats can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats and consequences.
- Risks can be linked to FSTEC BDU threats, ATT&CK techniques, and New FSTEC BDU threats, implementation methods and consequences.
Such a wide choice of possible links is provided because objects from the threat catalogs can be either a threat or a vulnerability in the context of the service.
For example, УБИ.004 "Threat of a hardware reset of the BIOS password" from the FSTEC BDU is, in the context of the service, a vulnerability: a property of assets of type Firmware that can lead to the realization of the threat Unauthorized local access to the BIOS.
In most cases threats from the FSTEC BDU and techniques from MITRE ATT&CK are in fact vulnerabilities whose exploitation leads to the realization of security threats, but there are exceptions.
For risks, threats and vulnerabilities from the Community base, the links to the threat catalogs are already established.
A link to a threat catalog can be direct or indirect. For example, if a vulnerability is linked to a threat from the FSTEC BDU, then all risks that include this vulnerability are automatically linked to that FSTEC BDU threat as well.
The FSTEC BDU catalog is a registry of risks from the FSTEC of Russia data bank of information security threats.
Each threat contains a description, recommendations on which asset types the threat can apply to, a classification by information properties, and the likely sources of the threat. In addition, the Related risks block lists the related risks, and the Catalogs block lists links to records from other catalogs.
The New FSTEC BDU catalog from the FSTEC of Russia data bank of information security threats contains:
- the Implementation methods (ways threats arise) matrix - each cell contains a description of the attack surface: the group of methods, the attacker capability level, the threats that can be realized, the components of the objects of impact, and possible protective measures;
- Negative consequences - a list of negative consequences in the FSTEC classification, as a code and a description;
- Threats - a registry of threats with descriptions; each threat contains the possible objects of impact and the possible ways the threat can be implemented;
- Objects - a list of objects of consequences with a description and the components that can be part of the object;
- Components - a list of components of objects of impact, indicating the objects of impact on which they can be located;
- Attackers - attacker capability levels, classified by capabilities and competence;
- Protective measures - in SECURITM terminology, a list of requirements whose fulfilment reduces the attacker's capabilities.
The MITRE ATT&CK catalog contains:
- Matrix - contains the attacker's tactics and techniques and lets you create a risk or a vulnerability from a tactic or technique; the matrix shows links to risks in the Community base and to risks in the team's base;
- Tactics - the directions of the attacker's actions at a given stage of the cyber kill chain;
- Techniques - the specific actions the attacker takes to reach the goal at a specific step of the cyber kill chain;
- Mitigations - in SECURITM terminology, a list of requirements whose fulfilment reduces the attacker's capabilities;
- Criminal groups - a description of APT groups, their characteristics and behavior model;
- Tools - software used by attackers for malicious impact.
The matrices can be used to build a heat map of risks overlaid on the threat and vulnerability matrices.
SZI certificates
The SZI certificates catalog can be used in the Assets module as the source of information for the SZI certificate number field. The Assets module lets you keep a registry of the information security tools (SZI) used in the organization, and the SZI certificates catalog lets you link an asset to the catalog through the asset's SZI certificate number field.
The SZI certificates catalog contains a registry with the certificate number, the certificate validity period and the support period of the information security tool. In addition to the registry, the catalog contains the following metrics:
- Available SZI - shows the number of assets for which the SZI certificate number field is filled in;
- Expiring soon - shows the number of assets whose certificate validity period is less than 90 calendar days;
- Expired certificates - shows the number of assets whose certificate validity period has already expired;
- Expired support - shows the number of assets whose certificate validity period has already expired.
Each metric leads to the asset registry and shows a list of SZI filtered by the corresponding parameters.
Opening a certificate shows the certificate card; the service stores the following data:
- Certificate number;
- Date of entry in the register;
- Certificate validity period;
- End date of technical support;
- Name of the tool (code);
- Certification scheme;
- Testing laboratory;
- Certification body;
- Applicant;
- Names of the conformity documents;
- Applicant details.
The register is updated automatically once a month.
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
| Vulnerability type: | Does not depend on other vulnerabilities |
| Exploit likelihood: | High |
FSTEC vulnerability identifiers
Identifier in the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| BDU:2020-01211 | Vulnerability in the ColdFusion software platform, related to file names for the PHP include or require functions, allowing an attacker to execute arbitrary PHP code on the target system |
| BDU:2020-05573 | Vulnerability in the /processReportGetter.php component of КТС "Маяк" (KTS Mayak), allowing an attacker to gain read access to arbitrary files |
| BDU:2021-06027 | Vulnerability in the ArcGIS Server server, related to improper control of code generation, allowing an attacker to execute arbitrary HTML code |
| BDU:2023-04596 | Vulnerability in the Cockpit server management system, related to improper control of file names for the PHP include or require functions, allowing an attacker to execute arbitrary code |
| BDU:2023-08350 | Vulnerability in the bumsys business management system, related to PHP remote file inclusion, allowing an attacker to execute arbitrary code |
| BDU:2024-03557 | Vulnerability in the link.php script of the Cacti network monitoring tool, allowing an attacker to execute arbitrary code |
| BDU:2024-04119 | Vulnerability in the api_plugin_hook() function of the Cacti network monitoring tool, allowing an attacker to execute arbitrary code |
| BDU:2024-10871 | Vulnerability in the firmware of the ASPECT Enterprise, NEXUS Series, MATRIX Series embedded building management network controllers, related to improper control of file names for the PHP include or require functions, allowing an attacker to... |
| BDU:2024-10990 | Vulnerability in the WP Umbrella: Update Backup Restore Monitoring plugin for the WordPress content management system, allowing an attacker to gain unauthorized access to confidential information or execute arbitrary code |
| BDU:2025-00940 | Vulnerability in the Post Grid, Slider Carousel Ultimate plugin for the WordPress content management system, related to improper control of file names for the PHP include or require functions, allowing an attacker to gain unauthorized access to... |
| BDU:2025-01292 | Vulnerability in the firmware of the ABB FBXi, FBVi, FBTi and CBXi programmable logic controllers, related to improper control of file names for the PHP include or require functions, allowing an attacker to escalate privileges and... |
| BDU:2025-09583 | Vulnerability in the web interface of the Republic of Tatarstan information system on state and municipal payments (GIS GMP), related to errors in the web application logic, allowing an attacker to gain unauthorized access to protected and... |
| BDU:2025-11365 | Vulnerability in the IBM Maximo Asset Management enterprise asset management software, related to unrestricted upload of files of a dangerous type, allowing an attacker to affect the integrity of protected information |
| BDU:2025-14504 | Vulnerability in the Motors - Events plugin for the WordPress content management system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2025-14536 | Vulnerability in the NagVis data visualization tool of the Nagios XI IT infrastructure monitoring tool, allowing an attacker to disclose confidential information |
| BDU:2025-16353 | Vulnerability in the RestFilter component of the management web interface of the Zimbra Collaboration Suite (ZCS) enterprise email management system, allowing an attacker to execute arbitrary code |
| BDU:2025-16386 | Vulnerability in the Devnex Addons component of the WordPress Elementor plugin, allowing an attacker to affect the confidentiality, integrity and availability of protected information |
| BDU:2025-16495 | Vulnerability in the AI Mortgage Calculator plugin for the WordPress content management system, allowing an attacker to gain unauthorized access to protected information |
| BDU:2026-00001 | Vulnerability in the FULL Customer plugin for the WordPress content management system, related to improper control of file names for the PHP include or require functions, allowing an attacker to gain unauthorized access to protected information or... |
| BDU:2026-00002 | Vulnerability in the Calculator Builder plugin for the WordPress content management system, related to improper control of file names for the PHP include or require functions, allowing an attacker to gain unauthorized access to protected information... |
CVE vulnerability identifiers
Identifier in the database of publicly known information security vulnerabilities
| Identifier | Description |
|---|---|
| CVE-2012-10025 | WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion |
| CVE-2014-9186 | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.... |
| CVE-2015-10133 | Subscribe to Comments <= 2.1.2 - Local File Includion |
| CVE-2015-6461 | Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNO... |
| CVE-2016-6565 | The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1.57 may execute code from an uploaded malicious file |
| CVE-2017-14095 | A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform... |
| CVE-2019-5479 | An unintended require vulnerability in <v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code (Ja... |
| CVE-2020-13175 | The Management Interface of the Teradici Cloud Access Connector and Cloud Access Connector Legacy for releases prior to April... |
| CVE-2020-5295 | Local File read vulnerability in OctoberCMS |
| CVE-2021-21804 | A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.... |
| CVE-2021-22968 | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concret... |
| CVE-2021-29113 | Remote file inclusion vulnerability in ArcGIS Server help documentation |
| CVE-2022-4446 | PHP Remote File Inclusion in tsolucio/corebos |
| CVE-2022-4606 | PHP Remote File Inclusion in flatpressblog/flatpress |
| CVE-2022-4982 | DBLTek GoIP-1 vGHSFVT-1.1-67-5 Unauthenticated LFI |
| CVE-2023-2551 | PHP Remote File Inclusion in unilogies/bumsys |
| CVE-2023-25995 | WordPress AI Mortgage Calculator <= 1.0.1 - Local File Inclusion Vulnerability |
| CVE-2023-25998 | WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability |
| CVE-2023-25999 | WordPress BodyCenter - Gym, Fitness WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability |
| CVE-2023-26005 | WordPress Fitrush <= 1.3.4 - Local File Inclusion Vulnerability |
| CVE-2023-4195 | PHP Remote File Inclusion in cockpit-hq/cockpit |
| CVE-2023-49084 | Local File Inclusion (RCE) in Cacti |
| CVE-2024-0315 | Remote file inclusion vulnerability in FireEye Central Management |
| CVE-2024-10436 | WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion |
| CVE-2024-10571 | Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source |
| CVE-2024-10871 | Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion |
| CVE-2024-10873 | LA-Studio Element Kit for Elementor <= 1.4.2 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-10898 | Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-11289 | Soledad <= 8.5.9 - Unauthenticated Limited Local File Inclusion |
| CVE-2024-11429 | Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contr... |
| CVE-2024-12040 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'th... |
| CVE-2024-12209 | WP Umbrella: Update Backup Restore & Monitoring <= 2.17.0 - Unauthenticated Local File Inclusion |
| CVE-2024-12272 | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (... |
| CVE-2024-12563 | s2Member Pro <= 250214 - Authenticated (Contributor+) Local File Inclusion to Remote Code Execution via Shortcode |
| CVE-2024-12571 | Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion |
| CVE-2024-12811 | Traveler <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-12859 | BoomBox Theme Extensions <= 1.8.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-13353 | Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.4 - Authenticated (Contributor+... |
| CVE-2024-13408 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contrib... |
| CVE-2024-13592 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-13593 | BMLT Meeting Map <= 2.6.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-13790 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion |
| CVE-2024-14002 | Nagios XI < 2024R1.1.4 Authenticated Local File Inclusion via NagVis |
| CVE-2024-1600 | Local File Inclusion in parisneo/lollms-webui |
| CVE-2024-31459 | Cacti RCE vulnerability by file include in lib/plugin.php |
| CVE-2024-35629 | WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability |
| CVE-2024-35650 | WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability |
| CVE-2024-36415 | SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content lea... |
| CVE-2024-41925 | Optigo Networks ONS-S8 Spectra Aggregation Switch PHP Remote File Inclusion |
| CVE-2024-4315 | LFI Vulnerability due to Lack of Path Sanitization in parisneo/lollms |
| CVE-2024-43261 | WordPress Compute Links plugin <= 1.2.1 - Remote File Inclusion vulnerability |
| CVE-2024-4359 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authentica... |
| CVE-2024-45077 | IBM Maximo Asset Management file upload |
| CVE-2024-48029 | WordPress SB Random Posts Widget plugin <= 1.0 - Local File Inclusion vulnerability |
| CVE-2024-49243 | WordPress Dynamic Elementor Addons plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2024-49251 | WordPress Maan Addons For Elementor plugin <= 1.0.1 - Local File Inclusion vulnerability |
| CVE-2024-49317 | WordPress Point Maker plugin <= 0.1.4 - Local File Inclusion vulnerability |
| CVE-2024-49649 | WordPress Build App Online plugin <= 1.0.23 - Local File Inclusion vulnerability |
| CVE-2024-49690 | WordPress Qi Blocks plugin <= 1.3.2 - Local File Inclusion vulnerability |
| CVE-2024-49701 | WordPress Mags theme <= 1.1.6 - Local File Inclusion vulnerability |
| CVE-2024-50434 | WordPress NewsCard theme <= 1.3 - Local File Inclusion vulnerability |
| CVE-2024-50435 | WordPress Meta News theme <= 1.1.7 - Local File Inclusion vulnerability |
| CVE-2024-50436 | WordPress Clean Retina theme <= 3.0.6 - Local File Inclusion vulnerability |
| CVE-2024-50457 | WordPress Qode Essential Addons plugin <= 1.6.3 - Local File Inclusion vulnerability |
| CVE-2024-50497 | WordPress Advanced Online Ordering and Delivery Platform plugin <= 2.0.0 - Local File Inclusion vulnerability |
| CVE-2024-51541 | Local File Inclusion |
| CVE-2024-52381 | WordPress ZIJ KART plugin <= 1.1 - Local File Inclusion vulnerability |
| CVE-2024-52385 | WordPress Team Member – Multi Language Supported Team plugin <= 7.3 - Limited Local File Inclusion vulnerability |
| CVE-2024-52386 | WordPress Classified Listing plugin <= 3.1.15.1 - Local File Inclusion vulnerability |
| CVE-2024-52428 | WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability |
| CVE-2024-52450 | WordPress nBlocks plugin <= 1.0.2 - Local File Inclusion vulnerability |
| CVE-2024-52496 | WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability |
| CVE-2024-52497 | WordPress Shopready plugin <= 3.5 - Local File Inclusion vulnerability |
| CVE-2024-52499 | WordPress Pricing table addon for elementor plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2024-52501 | WordPress Office Locator plugin <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2024-53739 | WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability |
| CVE-2024-53800 | WordPress Rezgo Online Booking plugin <= 4.15 - Local File Inclusion vulnerability |
| CVE-2024-53824 | WordPress All Bootstrap Blocks plugin <= 1.3.20 - Local File Inclusion vulnerability |
| CVE-2024-54225 | WordPress Designer plugin <= 1.3.3 - Local File Inclusion vulnerability |
| CVE-2024-54270 | WordPress Axeptio plugin <= 2.5.3 - Local File Inclusion vulnerability |
| CVE-2024-54376 | WordPress EazyDocs plugin <= 2.5.5 - Local File Inclusion vulnerability |
| CVE-2024-56216 | WordPress Themify Builder plugin <= 7.6.3 - Local File Inclusion vulnerability |
| CVE-2024-56230 | WordPress Dynamic Product Category Grid, Slider for WooCommerce plugin <= 1.1.3 - Local File Inclusion vulnerability |
| CVE-2024-56281 | WordPress 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin <= 5.2.0 - Local File Inclusion vulnerability |
| CVE-2024-56282 | WordPress WPMozo Addons Lite for Elementor plugin <= 1.1.0 - Local File Inclusion vulnerability |
| CVE-2024-5762 | Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability |
| CVE-2024-6589 | LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-8252 | Clean Login <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-8392 | WordPress Post Grid Layouts with Pagination – Sogrid <= 1.5.2 - Authenticated (Admin+) Local File Inclusion |
| CVE-2024-8393 | Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion |
| CVE-2024-9193 | WHMpress <= 6.3-revision-0 - Unauthenticated Local File Inclusion to Arbitrary Options Update |
| CVE-2024-9981 | FormosaSoft ee-class - Local File Inclusion |
| CVE-2025-0366 | Jupiter X Core <= 4.8.7 - Authenticated (Contributor+) SVG Upload to Local File Inclusion (Remote Code Execution) |
| CVE-2025-0632 | Local File Inclusion (LFI) leading to sensitive data exposure |
| CVE-2025-0682 | ThemeREX Addons <= 2.33.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2025-10143 | Catch Dark Mode <= 2.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-10269 | Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion |
| CVE-2025-11023 | Local File Inclusion in ArkSigner's AcBakImzala |
| CVE-2025-11704 | Elegance Menu <= 1.9 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-11722 | Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-11920 | WPCOM Member <= 1.7.14 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2025-12497 | Premium Portfolio Features for Phlox theme <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path] |
| CVE-2025-1707 | Review Schema <= 2.2.4 - Authenticated (Contributor+) Local File Inclusion via Post Meta |
| CVE-2025-1771 | Traveler <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post |
| CVE-2025-2101 | Edumall <= 4.2.4 - Unauthenticated Local File Inclusion |
| CVE-2025-22145 | Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale |
| CVE-2025-22279 | WordPress JetCompareWishlist plugin <= 1.5.9 - Local File Inclusion vulnerability |
| CVE-2025-22305 | WordPress Hero Banner Ultimate plugin <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2025-22311 | WordPress Private Messages for UserPro plugin <= 4.10.0 - Local File Inclusion vulnerability |
| CVE-2025-22364 | WordPress Ach Invoice App plugin <= 1.0.1 - Local File Inclusion vulnerability |
| CVE-2025-22508 | WordPress FAT Event Lite plugin <= 1.1 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability |
| CVE-2025-22656 | WordPress Cookie Monster Plugin <= 1.2.2 - Local File Inclusion vulnerability |
| CVE-2025-23915 | WordPress FAT Event Lite plugin <= 1.1 - Authenticated Non-Arbitrary Local File Inclusion vulnerability |
| CVE-2025-23937 | WordPress LinkedIn Lite Plugin <= 1.0 - Local File Inclusion vulnerability |
| CVE-2025-23938 | WordPress Image Gallery Box by CRUDLab Plugin <= 1.0.3 - Local File Inclusion vulnerability |
| CVE-2025-23945 | WordPress Popliup Plugin <= 1.1.1 - Local File Inclusion vulnerability |
| CVE-2025-23948 | WordPress Background animation blocks Plugin <= 2.1.5 - Local File Inclusion vulnerability |
| CVE-2025-23949 | WordPress Improved Sale Badges – Free Version Plugin <= 1.0.1 - Local File Inclusion vulnerability |
| CVE-2025-23952 | WordPress Custom Field List Widget Plugin <= 1.5.1 - Local File Inclusion vulnerability |
| CVE-2025-24690 | WordPress Formality Plugin <= 1.5.7 - Local File Inclusion vulnerability |
| CVE-2025-24733 | WordPress Post Grid Master plugin <= 3.4.12 - Local File Inclusion vulnerability |
| CVE-2025-24760 | WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability |
| CVE-2025-24761 | WordPress DSK <= 2.2 - Local File Inclusion Vulnerability |
| CVE-2025-24766 | WordPress News Magazine X <= 1.2.35 - Local File Inclusion Vulnerability |
| CVE-2025-24768 | WordPress Nitan <= 2.9 - Local File Inclusion Vulnerability |
| CVE-2025-24769 | WordPress Zenny theme <= 1.7.5 - Local File Inclusion Vulnerability |
| CVE-2025-24770 | WordPress CraftXtore <= 1.7 - Local File Inclusion Vulnerability |
| CVE-2025-24782 | WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local... |
| CVE-2025-25109 | WordPress Vehicle Manager plugin <= 3.1 - Local File Inclusion vulnerability |
| CVE-2025-25141 | WordPress Fami Sales Popup plugin <= 2.0.0 - Local File Inclusion vulnerability |
| CVE-2025-25172 | WordPress VidMov <= 1.9.4 - Local File Inclusion Vulnerability |
| CVE-2025-25174 | WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability |
| CVE-2025-26592 | WordPress Inset <= 1.18.0 - Local File Inclusion Vulnerability |
| CVE-2025-26735 | WordPress Grip theme <= 1.0.9 - Local File Inclusion vulnerability |
| CVE-2025-26757 | WordPress FULL – Cliente plugin <= 3.1.26 - Local File Inclusion vulnerability |
| CVE-2025-26760 | WordPress Calculator Builder plugin <= 1.6.2 - Local File Inclusion vulnerability |
| CVE-2025-26889 | WordPress hockeydata LOS plugin <= 1.2.4 - Local File Inclusion vulnerability |
| CVE-2025-26890 | WordPress HUSKY plugin <= 1.3.6.4 - Local File Inclusion vulnerability |
| CVE-2025-26894 | WordPress Coming Soon, Maintenance Mode plugin <= 1.1.1 - Local File Inclusion vulnerability |
| CVE-2025-26909 | WordPress Hide My WP Ghost plugin <= 5.4.01 - Local File Inclusion to RCE vulnerability |
| CVE-2025-26916 | WordPress Massive Dynamic theme <= 8.2 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2025-26932 | WordPress WPBot plugin <= 6.3.5 - Local File Inclusion vulnerability |
| CVE-2025-26933 | WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulnerability |
| CVE-2025-26957 | WordPress Affiliate Coupons plugin <= 1.7.3 - Local File Inclusion vulnerability |
| CVE-2025-26964 | WordPress Eventin plugin <= 4.0.20 - Local File Inclusion vulnerability |
| CVE-2025-26979 | WordPress Funnel Builder by FunnelKit plugin <= 3.9.0 - Local File Inclusion vulnerability |
| CVE-2025-26985 | WordPress Majestic Support plugin <= 1.0.6 - Local File Inclusion vulnerability |
| CVE-2025-26986 | WordPress Pearl Theme < 3.4.8 - Local File Inclusion vulnerability |
| CVE-2025-27011 | WordPress Booking and Rental Manager plugin <= 2.2.8 - Local File Inclusion vulnerability |
| CVE-2025-27015 | WordPress Hostiko Theme < 30.1 - Local File Inclusion vulnerability |
| CVE-2025-27264 | WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2025-27272 | WordPress VG PostCarousel plugin <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-27362 | WordPress Petito <= 1.6.2 - Local File Inclusion Vulnerability |
| CVE-2025-28888 | WordPress GiftXtore <= 1.7.4 - Local File Inclusion Vulnerability |
| CVE-2025-28916 | WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability |
| CVE-2025-28944 | WordPress Avaz <= 2.8 - Local File Inclusion Vulnerability |
| CVE-2025-28945 | WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability |
| CVE-2025-28946 | WordPress PrintXtore theme <= 1.7.5 - Local File Inclusion Vulnerability |
| CVE-2025-28947 | WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability |
| CVE-2025-28979 | WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability |
| CVE-2025-28990 | WordPress SNS Vicky theme <= 3.7 - Local File Inclusion Vulnerability |
| CVE-2025-28991 | WordPress Evon <= 3.4 - Local File Inclusion Vulnerability |
| CVE-2025-28992 | WordPress SNS Anton <= 4.1 - Local File Inclusion Vulnerability |
| CVE-2025-28998 | WordPress SERPed.net plugin <= 4.6 - Local File Inclusion Vulnerability |
| CVE-2025-29002 | WordPress Simen <= 4.6 - Local File Inclusion Vulnerability |
| CVE-2025-30635 | WordPress IDonatePro <= 2.1.9 - Local File Inclusion Vulnerability |
| CVE-2025-30782 | WordPress Subscribe to Download Lite plugin <= 1.2.9 - Local File Inclusion vulnerability |
| CVE-2025-30785 | WordPress Subscribe to Download Lite <= 1.2.9 - Local File Inclusion Vulnerability |
| CVE-2025-30814 | WordPress The Post Grid plugin <= 7.7.17 - Local File Inclusion vulnerability |
| CVE-2025-30820 | WordPress WishSuite plugin <= 1.4.4 - Local File Inclusion Vulnerability |
| CVE-2025-30829 | WordPress WPCafe plugin <= 2.2.31 - Local File Inclusion vulnerability |
| CVE-2025-30831 | WordPress Themify Event Post Plugin <= 1.3.2 - Local File Inclusion vulnerability |
| CVE-2025-30835 | WordPress Accounting for WooCommerce plugin <= 1.6.8 - Local File Inclusion vulnerability |
| CVE-2025-30845 | WordPress The Pack Elementor addons plugin <= 2.1.1 - Local File Inclusion vulnerability |
| CVE-2025-30846 | WordPress Restaurant Menu by MotoPress plugin <= 2.4.4 - Local File Inclusion vulnerability |
| CVE-2025-30849 | WordPress Essential Real Estate plugin <= 5.2.0 - Local File Inclusion Vulnerability |
| CVE-2025-30868 | WordPress Team Manager plugin <= 2.1.23 - Local File Inclusion Vulnerability |
| CVE-2025-30870 | WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability |
| CVE-2025-30871 | WordPress WP Travel Engine plugin <= 6.3.5 - Local File Inclusion vulnerability |
| CVE-2025-30890 | WordPress Login Widget for Ultimate Member plugin <= 1.1.2 - Local File Inclusion vulnerability |
| CVE-2025-30891 | WordPress WpTravelly Plugin <= 1.8.7 - Local File Inclusion vulnerability |
| CVE-2025-30901 | WordPress JS Help Desk plugin <= 2.9.2 - Local File Inclusion vulnerability |
| CVE-2025-30992 | WordPress Puca theme <= 2.6.33 - Local File Inclusion Vulnerability |
| CVE-2025-30999 | WordPress WP Shopify <= 1.5.3 - Local File Inclusion Vulnerability |
| CVE-2025-31014 | WordPress Material Dashboard <= 1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-31015 | WordPress WordPress SMTP Service, Email Delivery Solved! — MailHawk <= 1.3.1 - Local File Inclusion Vulnerability |
| CVE-2025-31016 | WordPress JetWooBuilder plugin <= 2.1.18 - Local File Inclusion vulnerability |
| CVE-2025-31030 | WordPress Ray Enterprise Translation <= 1.7.0 - Local File Inclusion Vulnerability |
| CVE-2025-31040 | WordPress WP Food ordering and Restaurant Menu <= 1.1 - Local File Inclusion Vulnerability |
| CVE-2025-31060 | WordPress Capie <= 1.0.40 - Local File Inclusion Vulnerability |
| CVE-2025-31064 | WordPress Vizeon - Business Consulting <= 1.1.7 - Local File Inclusion Vulnerability |
| CVE-2025-31082 | WordPress News & Blog Designer Pack plugin <= 4.0 - Local File Inclusion vulnerability |
| CVE-2025-31097 | WordPress Material Dashboard <= 1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-31098 | WordPress DeBounce Email Validator <= 5.7 - Local File Inclusion Vulnerability |
| CVE-2025-31340 | Wisdom Master Pro - Improper Control of Filename for Include/Require Statement in PHP Program |
| CVE-2025-31387 | WordPress InstaWP Connect plugin <= 0.1.0.82 - Local File Inclusion vulnerability |
| CVE-2025-31405 | WordPress Fami WooCommerce Compare plugin <= 1.0.5 - Local File Inclusion vulnerability |
| CVE-2025-31432 | WordPress Pop-Up Chop Chop <= 2.1.7 - Local File Inclusion Vulnerability |
| CVE-2025-31632 | WordPress La Boom <= 2.7 - Local File Inclusion Vulnerability |
| CVE-2025-31633 | WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulnerability |
| CVE-2025-31912 | WordPress Enzio - Responsive Business WordPress Theme <= 1.1.8 - Local File Inclusion Vulnerability |
| CVE-2025-31913 | WordPress Ogami <= 1.53 - Local File Inclusion Vulnerability |
| CVE-2025-32141 | WordPress MasterStudy LMS plugin <= 3.5.23 - Local File Inclusion vulnerability |
| CVE-2025-32142 | WordPress Motors plugin <= 1.4.65 - Local File Inclusion vulnerability |
| CVE-2025-32146 | WordPress JS Job Manager plugin <= 2.0.2 - Local File Inclusion vulnerability |
| CVE-2025-32150 | WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability |
| CVE-2025-32151 | WordPress BuddyForms Plugin <= 2.8.15 - Local File Inclusion vulnerability |
| CVE-2025-32152 | WordPress Slider a SlidersPack Plugin <= 2.3 - Local File Inclusion vulnerability |
| CVE-2025-32153 | WordPress VG WooCarousel plugin <= 1.3 - Local File Inclusion vulnerability |
| CVE-2025-32154 | WordPress Catch Dark Mode plugin <= 1.2.1 - Local File Inclusion vulnerability |
| CVE-2025-32155 | WordPress Beds24 Online Booking plugin <= 2.0.26 - Local File Inclusion vulnerability |
| CVE-2025-32156 | WordPress Just Post Preview Widget plugin <= 1.1.1 - Local File Inclusion vulnerability |
| CVE-2025-32157 | WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Local File Inclusion vulnerability |
| CVE-2025-32158 | WordPress aThemes Addons for Elementor plugin <= 1.0.15 - Local File Inclusion vulnerability |
| CVE-2025-32159 | WordPress Radius Blocks plugin <= 2.2.1 - Local File Inclusion vulnerability |
| CVE-2025-32160 | WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability |
| CVE-2025-32286 | WordPress Butcher <= 2.40 - Local File Inclusion Vulnerability |
| CVE-2025-32288 | WordPress RT-Theme 18 \| Extensions plugin <= 2.4 - Local File Inclusion Vulnerability |
| CVE-2025-32289 | WordPress Yozi <= 2.0.52 - Local File Inclusion Vulnerability |
| CVE-2025-32294 | WordPress Oxpitan <= 1.3.1 - Local File Inclusion Vulnerability |
| CVE-2025-32298 | WordPress CTUsers plugin <= 1.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-32302 | WordPress Winnex <= 1.3.2 - Local File Inclusion Vulnerability |
| CVE-2025-32309 | WordPress Healsoul <= 2.0.2 - Local File Inclusion Vulnerability |
| CVE-2025-32499 | WordPress Logo Showcase Ultimate plugin <= 1.4.4 - Local File Inclusion vulnerability |
| CVE-2025-32519 | WordPress IDonate plugin <= 2.1.8 - Local File Inclusion vulnerability |
| CVE-2025-32549 | WordPress WPGYM <= 65.0 - Local File Inclusion Vulnerability |
| CVE-2025-32577 | WordPress Build App Online Plugin <= 1.0.23 - Local File Inclusion vulnerability |
| CVE-2025-32589 | WordPress Flexi – Guest Submit Plugin <= 4.28 - Local File Inclusion vulnerability |
| CVE-2025-32595 | WordPress Krowd <= 1.4.1 - Local File Inclusion Vulnerability |
| CVE-2025-32614 | WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability |
| CVE-2025-32627 | WordPress JS Job Manager plugin <= 2.0.2 - Local File Inclusion vulnerability |
| CVE-2025-32654 | WordPress Motors plugin <= 1.4.65 - Local File Inclusion vulnerability |
| CVE-2025-32656 | WordPress Testimonial Slider and Showcase Pro plugin <= 2.3.15 - Local File Inclusion vulnerability |
| CVE-2025-32657 | WordPress Testimonial Slider and Showcase Pro plugin <= 2.1.7 - Local File Inclusion vulnerability |
| CVE-2025-32663 | WordPress FAT Cooming Soon plugin <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-32668 | WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability |
| CVE-2025-32672 | WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.9 - Local File Inclusion Vulnerability |
| CVE-2025-32692 | WordPress WP Subscription Forms <= 1.2.4 - Local File Inclusion Vulnerability |
| CVE-2025-32921 | WordPress Arrival theme <= 1.4.5 - Local File Inclusion vulnerability |
| CVE-2025-32925 | WordPress SUMO Reward Points plugin <= 30.7.0 - Local File Inclusion vulnerability |
| CVE-2025-3703 | WordPress CSS & JavaScript Toolbox < 12.0.3 - Local File Inclusion Vulnerability |
| CVE-2025-39359 | WordPress CWW Portfolio theme <= 1.3.1 - Local File Inclusion vulnerability |
| CVE-2025-39360 | WordPress Grace Mag theme <= 1.1.5 - Local File Inclusion vulnerability |
| CVE-2025-39364 | WordPress Product Category Slider for WooCommerce plugin <= 4.3.4 - Local File Inclusion vulnerability |
| CVE-2025-39378 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Local File Inclusion vulnera... |
| CVE-2025-39379 | WordPress Capturly plugin <= 2.0.1 - Local File Inclusion vulnerability |
| CVE-2025-39383 | WordPress Xews Lite plugin <= 1.0.9 - Local File Inclusion vulnerability |
| CVE-2025-39384 | WordPress Product Lister for eBay plugin <= 2.0.9 - Local File Inclusion vulnerability |
| CVE-2025-39387 | WordPress Opstore theme <= 1.4.5 - Local File Inclusion vulnerability |
| CVE-2025-39391 | WordPress Checkout Field Visibility for WooCommerce plugin <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-39396 | WordPress JetReviews plugin <= 2.3.6 - Local File Inclusion vulnerability |
| CVE-2025-39399 | WordPress License For Envato plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2025-39406 | WordPress WPAMS plugin <= 44.0 - Local File Inclusion to Privilege Escalation vulnerability |
| CVE-2025-39411 | WordPress WhatsApp Click to Chat Plugin for WordPress plugin <= 2.2.12 - Local File Inclusion vulnerability |
| CVE-2025-39429 | WordPress Széchenyi 2020 Logo <= 1.1 - Local File Inclusion Vulnerability |
| CVE-2025-39452 | WordPress WPCafe plugin <= 2.2.32 - Local File Inclusion vulnerability |
| CVE-2025-39458 | WordPress Foton theme <= 2.5.2 - Local File Inclusion vulnerability |
| CVE-2025-39461 | WordPress Docket Cache plugin <= 24.07.02 - Local File Inclusion vulnerability |
| CVE-2025-39462 | WordPress Smart Agreements plugin <= 1.0.3 - Local File Inclusion vulnerability |
| CVE-2025-39463 | WordPress Dessau theme < 1.9 - Local File Inclusion vulnerability |
| CVE-2025-39466 | WordPress Dør theme <= 2.4 - Local File Inclusion Vulnerability |
| CVE-2025-39468 | WordPress Modal Survey plugin <= 2.0.2.0.1 - Local File Inclusion vulnerability |
| CVE-2025-39476 | WordPress Revo theme <= 4.0.26 - Local File Inclusion Vulnerability |
| CVE-2025-39490 | WordPress Backpack Traveler <= 2.7 - Local File Inclusion Vulnerability |
| CVE-2025-39494 | WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability |
| CVE-2025-39506 | WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability |
| CVE-2025-39507 | WordPress Nasa Core Plugin <= 6.3.2 - Local File Inclusion vulnerability |
| CVE-2025-39526 | WordPress Hotel Booking Plugin <= 3.6 - Local File Inclusion vulnerability |
| CVE-2025-39570 | WordPress WPCOM Member <= 1.7.7 - Local File Inclusion Vulnerability |
| CVE-2025-39584 | WordPress Eventin <= 4.0.25 - Local File Inclusion Vulnerability |
| CVE-2025-39592 | WordPress Subscribe to Unlock Lite <= 1.3.0 - Local File Inclusion Vulnerability |
| CVE-2025-4200 | Zagg - Electronics & Accessories WooCommerce WordPress Theme <= 1.4.1 - Unauthenticated Local File Inclusion |
| CVE-2025-4380 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion |
| CVE-2025-4414 | WordPress CMSMasters Content Composer < 2.5.7 - Local File Inclusion Vulnerability |
| CVE-2025-46230 | WordPress Popup Builder <= 1.1.35 - Local File Inclusion Vulnerability |
| CVE-2025-46444 | WordPress Ads Pro plugin <= 4.88 - Local File Inclusion vulnerability |
| CVE-2025-46454 | WordPress Meta Keywords & Description <= 0.8 - Local File Inclusion Vulnerability |
| CVE-2025-46468 | WordPress Fable Extra <= 1.0.6 - Local File Inclusion Vulnerability |
| CVE-2025-46474 | WordPress SEUR Oficial <= 2.2.23 - Local File Inclusion Vulnerability |
| CVE-2025-4689 | Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Local File Inclusion to Remote Code Ex... |
| CVE-2025-47438 | WordPress WP Job Portal plugin <= 2.3.1 - Local File Inclusion vulnerability |
| CVE-2025-47439 | WordPress Download Monitor <= 5.0.22 - Local File Inclusion Vulnerability |
| CVE-2025-47440 | WordPress WPAdverts <= 2.2.2 - Local File Inclusion Vulnerability |
| CVE-2025-47453 | WordPress WP Smart Import <= 1.1.3 - Local File Inclusion Vulnerability |
| CVE-2025-47494 | WordPress EventON <= 2.4.1 - Local File Inclusion Vulnerability |
| CVE-2025-47496 | WordPress PublishPress Authors <= 4.7.5 - Local File Inclusion Vulnerability |
| CVE-2025-47498 | WordPress Hotel Booking <= 3.6 - Local File Inclusion Vulnerability |
| CVE-2025-47508 | WordPress GamiPress <= 7.3.7 - Local File Inclusion Vulnerability |
| CVE-2025-47510 | WordPress Display Eventbrite Events < 6.3 - Local File Inclusion Vulnerability |
| CVE-2025-47531 | WordPress XT Event Widget for Social Events <= 1.1.7 - Local File Inclusion Vulnerability |
| CVE-2025-47571 | WordPress Super Store Finder plugin <= 6.9.7 - Local File Inclusion vulnerability |
| CVE-2025-47572 | WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-47576 | WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability |
| CVE-2025-47586 | WordPress Motors - Events plugin <= 1.4.7 - Unauthenticated Local File Inclusion vulnerability |
| CVE-2025-47627 | WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability |
| CVE-2025-47653 | WordPress WP-Recall <= 16.26.14 - Local File Inclusion Vulnerability |
| CVE-2025-47670 | WordPress WordPress Social Login and Register <= 7.6.10 - Local File Inclusion Vulnerability |
| CVE-2025-47672 | WordPress miniOrange Discord Integration <= 2.2.2 - Local File Inclusion Vulnerability |
| CVE-2025-47693 | WordPress Fat Services Booking plugin <= 5.5 - Local File Inclusion vulnerability |
| CVE-2025-47695 | WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability |
| CVE-2025-47696 | WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability |
| CVE-2025-48125 | WordPress WP Event Manager <= 3.1.49 - Local File Inclusion Vulnerability |
| CVE-2025-48126 | WordPress Essential Real Estate <= 5.2.1 - Local File Inclusion Vulnerability |
| CVE-2025-48136 | WordPress Mortgage Calculator Estatik <= 2.0.12 - Local File Inclusion Vulnerability |
| CVE-2025-48149 | WordPress Cook&Meal <= 1.2.3 - Local File Inclusion Vulnerability |
| CVE-2025-48157 | WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability |
| CVE-2025-48160 | WordPress Caliris <= 1.5 - Local File Inclusion Vulnerability |
| CVE-2025-48171 | WordPress Cena Store <= 2.11.26 - Local File Inclusion Vulnerability |
| CVE-2025-48290 | WordPress Kinsley theme <= 3.4.4 - Local File Inclusion vulnerability |
| CVE-2025-48292 | WordPress Tourmaster plugin <= 5.3.8 - Local File Inclusion vulnerability |
| CVE-2025-48293 | WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability |
| CVE-2025-48298 | WordPress SEOPress for MainWP <= 1.4 - Local File Inclusion Vulnerability |
| CVE-2025-48302 | WordPress FundEngine Plugin <= 1.7.4 - Local File Inclusion Vulnerability |
| CVE-2025-48330 | WordPress Real Time Validation for Gravity Forms <= 1.7.0 - Local File Inclusion Vulnerability |
| CVE-2025-48332 | WordPress Gutenberg Blocks <= 3.3.1 - Local File Inclusion Vulnerability |
| CVE-2025-48338 | WordPress WP Abstracts plugin <= 2.7.4 - Local File Inclusion vulnerability |
| CVE-2025-49036 | WordPress Premium Addons for KingComposer Plugin <= 1.1.1 - Local File Inclusion Vulnerability |
| CVE-2025-49070 | WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability |
| CVE-2025-49251 | WordPress Fana <= 1.1.28 - Local File Inclusion Vulnerability |
| CVE-2025-49252 | WordPress Besa <= 2.3.8 - Local File Inclusion Vulnerability |
| CVE-2025-49253 | WordPress Lasa <= 1.1 - Local File Inclusion Vulnerability |
| CVE-2025-49254 | WordPress Nika <= 1.2.8 - Local File Inclusion Vulnerability |
| CVE-2025-49255 | WordPress Ruza <= 1.0.7 - Local File Inclusion Vulnerability |
| CVE-2025-49256 | WordPress Sapa <= 1.1.14 - Local File Inclusion Vulnerability |
| CVE-2025-49257 | WordPress Zota <= 1.3.8 - Local File Inclusion Vulnerability |
| CVE-2025-49258 | WordPress Maia <= 1.1.15 - Local File Inclusion Vulnerability |
| CVE-2025-49259 | WordPress Hara <= 1.2.10 - Local File Inclusion Vulnerability |
| CVE-2025-49260 | WordPress Aora <= 1.3.9 - Local File Inclusion Vulnerability |
| CVE-2025-49261 | WordPress Diza <= 1.3.8 - Local File Inclusion Vulnerability |
| CVE-2025-49264 | WordPress Cloud SAML SSO - Single Sign On Login <= 1.0.18 - Local File Inclusion Vulnerability |
| CVE-2025-49271 | WordPress GravityWP - Merge Tags <= 1.4.4 - Local File Inclusion Vulnerability |
| CVE-2025-49275 | WordPress Blogbyte <= 1.1.1 - Local File Inclusion Vulnerability |
| CVE-2025-49276 | WordPress Blogmine <= 1.1.7 - Local File Inclusion Vulnerability |
| CVE-2025-49277 | WordPress Blogprise <= 1.0.9 - Local File Inclusion Vulnerability |
| CVE-2025-49278 | WordPress Blogty <= 1.0.11 - Local File Inclusion Vulnerability |
| CVE-2025-49279 | WordPress Blogvy <= 1.0.7 - Local File Inclusion Vulnerability |
| CVE-2025-49280 | WordPress Magty <= 1.0.6 - Local File Inclusion Vulnerability |
| CVE-2025-49281 | WordPress Magways <= 1.2.1 - Local File Inclusion Vulnerability |
| CVE-2025-49282 | WordPress Magze <= 1.0.9 - Local File Inclusion Vulnerability |
| CVE-2025-49307 | WordPress WP Multilang <= 2.4.19 - Local File Inclusion Vulnerability |
| CVE-2025-49308 | WordPress WP Travel Engine <= 6.5.1 - Local File Inclusion Vulnerability |
| CVE-2025-49313 | WordPress BRW <= 1.8.6 - Local File Inclusion Vulnerability |
| CVE-2025-49383 | WordPress Neresa Theme <= 1.3 - Local File Inclusion Vulnerability |
| CVE-2025-49405 | WordPress Houzez Theme < 4.1.4 - Local File Inclusion Vulnerability |
| CVE-2025-49416 | WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-49454 | WordPress TinySalt < 3.10.0 - Local File Inclusion Vulnerability |
| CVE-2025-49508 | WordPress CozyStay < 1.7.1 - Local File Inclusion Vulnerability |
| CVE-2025-49883 | WordPress Greenmart theme <= 4.2.3 - Local File Inclusion Vulnerability |
| CVE-2025-49886 | WordPress Zikzag Core plugin <= 1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-49921 | WordPress JetReviews plugin <= 3.0.0 - Local File Inclusion vulnerability |
| CVE-2025-49935 | WordPress WoodMart theme < 8.3.2 - Local File Inclusion vulnerability |
| CVE-2025-52562 | Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution |
| CVE-2025-52708 | WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability |
| CVE-2025-52715 | WordPress Classified Listing plugin <= 4.2.0 - Local File Inclusion Vulnerability |
| CVE-2025-52716 | WordPress WP REST Cache <= 2025.1.0 - Local File Inclusion Vulnerability |
| CVE-2025-52723 | WordPress Networker theme <= 1.2.0 - Local File Inclusion Vulnerability |
| CVE-2025-52728 | WordPress Responsive Posts Carousel WordPress Plugin Plugin <= 15.0 - Local File Inclusion Vulnerability |
| CVE-2025-52729 | WordPress Diza theme <= 1.3.9 - Local File Inclusion Vulnerability |
| CVE-2025-52732 | WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability |
| CVE-2025-52806 | WordPress JobSearch Plugin <= 2.9.0 - Local File Inclusion Vulnerability |
| CVE-2025-52807 | WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability |
| CVE-2025-52808 | WordPress RealtyElite theme <= 1.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-52809 | WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability |
| CVE-2025-52812 | WordPress Domnoo theme <= 1.49 - Local File Inclusion Vulnerability |
| CVE-2025-52814 | WordPress BRW plugin <= 1.7.9 - Local File Inclusion Vulnerability |
| CVE-2025-52815 | WordPress CityGov theme <= 1.9 - Local File Inclusion Vulnerability |
| CVE-2025-52816 | WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability |
| CVE-2025-53198 | WordPress Houzez theme <= 4.0.4 - Local File Inclusion Vulnerability |
| CVE-2025-53204 | WordPress eventlist plugin <= 1.9.2 - Local File Inclusion Vulnerability |
| CVE-2025-53207 | WordPress WP Travel Gutenberg Blocks plugin <= 3.9.0 - Local File Inclusion Vulnerability |
| CVE-2025-53210 | WordPress ZoloBlocks Plugin <= 2.3.2 - Local File Inclusion Vulnerability |
| CVE-2025-53216 | WordPress Glamer Theme <= 1.0.2 - Local File Inclusion Vulnerability |
| CVE-2025-53227 | WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability |
| CVE-2025-53244 | WordPress Magazine Elite Theme <= 1.2.4 - Local File Inclusion Vulnerability |
| CVE-2025-53247 | WordPress BlogMarks Theme <= 1.0.8 - Local File Inclusion Vulnerability |
| CVE-2025-53248 | WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability |
| CVE-2025-53252 | WordPress Zegen Theme <= 1.1.9 - Local File Inclusion Vulnerability |
| CVE-2025-53257 | WordPress Gmedia Photo Gallery plugin <= 1.23.0 - Local File Inclusion Vulnerability |
| CVE-2025-53259 | WordPress Hotel Booking plugin <= 3.7 - Local File Inclusion Vulnerability |
| CVE-2025-53281 | WordPress WPB Category Slider for WooCommerce plugin <= 1.71 - Local File Inclusion Vulnerability |
| CVE-2025-53326 | WordPress Gutenify Plugin <= 1.5.6 - Local File Inclusion Vulnerability |
| CVE-2025-53328 | WordPress Poll, Survey & Quiz Maker Plugin by Opinion Stage Plugin <= 19.11.0 - Local File Inclusion Vulnerability |
| CVE-2025-53334 | WordPress Jannah Theme <= 7.4.1 - Local File Inclusion Vulnerability |
| CVE-2025-53339 | WordPress Devnex Addons For Elementor plugin <= 1.0.9 - Local File Inclusion Vulnerability |
| CVE-2025-53429 | WordPress Exit Game theme <= 1.4.3 - Local File Inclusion vulnerability |
| CVE-2025-53430 | WordPress Etta theme <= 1.14.0 - Local File Inclusion vulnerability |
| CVE-2025-53431 | WordPress Emberlyn theme <= 1.3.1 - Local File Inclusion vulnerability |
| CVE-2025-53432 | WordPress Echo theme <= 1.15.0 - Local File Inclusion vulnerability |
| CVE-2025-53433 | WordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability |
| CVE-2025-53434 | WordPress ChildHope theme <= 1.1.8 - Local File Inclusion vulnerability |
| CVE-2025-53435 | WordPress Plan My Day theme <= 1.1.13 - Local File Inclusion vulnerability |
| CVE-2025-53436 | WordPress Monki theme <= 2.0.4 - Local File Inclusion vulnerability |
| CVE-2025-53437 | WordPress Greenorganic theme <= 2.45 - Local File Inclusion vulnerability |
| CVE-2025-53438 | WordPress FitLine theme <= 1.6 - Local File Inclusion vulnerability |
| CVE-2025-53439 | WordPress Harper theme <= 1.13 - Local File Inclusion vulnerability |
| CVE-2025-53441 | WordPress Greeny theme <= 2.6 - Local File Inclusion vulnerability |
| CVE-2025-53442 | WordPress Rentic theme <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-53443 | WordPress Smash theme <= 1.7 - Local File Inclusion vulnerability |
| CVE-2025-53445 | WordPress Catwalk theme <= 1.4 - Local File Inclusion vulnerability |
| CVE-2025-53446 | WordPress Beautique theme <= 1.5 - Local File Inclusion vulnerability |
| CVE-2025-53447 | WordPress Assembly theme <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-53448 | WordPress Rally theme <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-53449 | WordPress Convex theme <= 1.11 - Local File Inclusion vulnerability |
| CVE-2025-53450 | WordPress Easy Pricing Table WP Plugin <= 1.1.3 - Local File Inclusion Vulnerability |
| CVE-2025-53453 | WordPress Hygia theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-53565 | WordPress Widget for Google Reviews <= 1.0.15 - Local File Inclusion Vulnerability |
| CVE-2025-53567 | WordPress Ghost Kit <= 3.4.1 - Local File Inclusion Vulnerability |
| CVE-2025-53576 | WordPress Ovatheme Events Plugin <= 1.2.8 - Local File Inclusion Vulnerability |
| CVE-2025-53578 | WordPress Kipso Theme <= 1.3.4 - Local File Inclusion Vulnerability |
| CVE-2025-54015 | WordPress HT Contact Form 7 plugin <= 2.0.0 - Local File Inclusion Vulnerability |
| CVE-2025-54017 | WordPress Paid Member Subscriptions <= 2.15.4 - Local File Inclusion Vulnerability |
| CVE-2025-54028 | WordPress CF7 WOW Styler Plugin <= 1.7.2 - Local File Inclusion Vulnerability |
| CVE-2025-54031 | WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability |
| CVE-2025-54034 | WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability |
| CVE-2025-54138 | LibreNMS has Authenticated Local File Inclusion in ajax_form.php that Allows RCE |
| CVE-2025-54689 | WordPress Urna Theme <= 2.5.7 - Local File Inclusion Vulnerability |
| CVE-2025-54690 | WordPress Xinterio Theme <= 4.2 - Local File Inclusion Vulnerability |
| CVE-2025-54700 | WordPress Makeaholic Theme <= 1.8.4 - Local File Inclusion Vulnerability |
| CVE-2025-54701 | WordPress Unicamp Theme <= 2.6.3 - Local File Inclusion Vulnerability |
| CVE-2025-54709 | WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability |
| CVE-2025-54716 | WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability |
| CVE-2025-54750 | WordPress Funnel Builder by FunnelKit Plugin <= 3.11.1 - Local File Inclusion Vulnerability |
| CVE-2025-57889 | WordPress InPost Gallery Plugin <= 2.1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-57925 | WordPress immonex Kickstart Team Plugin <= 1.6.9 - Local File Inclusion Vulnerability |
| CVE-2025-58206 | WordPress MaxCoach Theme <= 3.2.5 - Local File Inclusion Vulnerability |
| CVE-2025-58214 | WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability |
| CVE-2025-58215 | WordPress Ziston Theme < 1.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-58225 | WordPress Paragon theme <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-58608 | WordPress MediaPress Plugin <= 1.5.9.1 - Local File Inclusion Vulnerability |
| CVE-2025-58637 | WordPress immonex Kickstart Plugin <= 1.11.6 - Local File Inclusion Vulnerability |
| CVE-2025-58706 | WordPress Woo Hoo theme <= 1.25 - Local File Inclusion vulnerability |
| CVE-2025-58708 | WordPress 777 theme <= 1.3 - Local File Inclusion vulnerability |
| CVE-2025-58709 | WordPress Legacy theme <= 1.9 - Local File Inclusion vulnerability |
| CVE-2025-58803 | WordPress Algenix theme <= 1.0 - Local File Inclusion vulnerability |
| CVE-2025-58879 | WordPress Festy theme <= 1.13.0 - Local File Inclusion vulnerability |
| CVE-2025-58885 | WordPress Pathfinder theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-58888 | WordPress The Flash theme <= 1.15 - Local File Inclusion vulnerability |
| CVE-2025-58889 | WordPress Towny theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-58890 | WordPress Playful theme <= 1.19.0 - Local File Inclusion vulnerability |
| CVE-2025-58891 | WordPress Sanger theme <= 1.24.0 - Local File Inclusion vulnerability |
| CVE-2025-58892 | WordPress Tourimo theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-58893 | WordPress Alright theme <= 1.6.1 - Local File Inclusion vulnerability |
| CVE-2025-58894 | WordPress Good Mood theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-58895 | WordPress Integro theme <= 1.8.0 - Local File Inclusion vulnerability |
| CVE-2025-58896 | WordPress Otaku theme <= 1.8.0 - Local File Inclusion vulnerability |
| CVE-2025-58898 | WordPress HealthHub theme <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2025-58899 | WordPress Frame theme <= 2.4.0 - Local File Inclusion vulnerability |
| CVE-2025-58900 | WordPress UniTravel theme <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2025-58901 | WordPress Takeout theme <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2025-58923 | WordPress Critique theme <= 1.17 - Local File Inclusion vulnerability |
| CVE-2025-58925 | WordPress Neptunus theme <= 1.0.11 - Local File Inclusion vulnerability |
| CVE-2025-58926 | WordPress Cerebrum theme <= 1.12 - Local File Inclusion vulnerability |
| CVE-2025-58927 | WordPress Stallion theme <= 1.17 - Local File Inclusion vulnerability |
| CVE-2025-58928 | WordPress Heart theme <= 1.8 - Local File Inclusion vulnerability |
| CVE-2025-58929 | WordPress Pantry theme <= 1.4 - Local File Inclusion vulnerability |
| CVE-2025-58930 | WordPress FitFlex theme <= 1.6 - Local File Inclusion vulnerability |
| CVE-2025-58931 | WordPress Palatio theme <= 1.6 - Local File Inclusion vulnerability |
| CVE-2025-58932 | WordPress Prisma theme <= 1.10 - Local File Inclusion vulnerability |
| CVE-2025-58933 | WordPress Anubis theme <= 1.25 - Local File Inclusion vulnerability |
| CVE-2025-58934 | WordPress The Gig theme <= 1.18.0 - Local File Inclusion vulnerability |
| CVE-2025-58935 | WordPress Lunna theme <= 1.15 - Local File Inclusion vulnerability |
| CVE-2025-58936 | WordPress Catamaran theme <= 1.15 - Local File Inclusion vulnerability |
| CVE-2025-58937 | WordPress Tacticool theme <= 1.0.13 - Local File Inclusion vulnerability |
| CVE-2025-58940 | WordPress Basil theme <= 1.3.12 - Local File Inclusion vulnerability |
| CVE-2025-58941 | WordPress Fabric theme <= 1.5.0 - Local File Inclusion vulnerability |
| CVE-2025-58942 | WordPress Dwell theme <= 1.7.0 - Local File Inclusion vulnerability |
| CVE-2025-58943 | WordPress Agricola theme <= 1.1.0 - Local File Inclusion vulnerability |
| CVE-2025-58944 | WordPress Manufactory theme <= 1.4 - Local File Inclusion vulnerability |
| CVE-2025-58945 | WordPress EcoGrow theme <= 1.7 - Local File Inclusion vulnerability |
| CVE-2025-58946 | WordPress Vocal theme <= 1.12 - Local File Inclusion vulnerability |
| CVE-2025-58947 | WordPress Athos theme <= 1.9 - Local File Inclusion vulnerability |
| CVE-2025-58948 | WordPress Aromatica theme <= 1.8 - Local File Inclusion vulnerability |
| CVE-2025-58949 | WordPress Spock theme <= 1.17 - Local File Inclusion vulnerability |
| CVE-2025-58950 | WordPress Lione theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-58955 | WordPress Karzo theme < 2.6 - Local File Inclusion vulnerability |
| CVE-2025-58958 | WordPress SmilePure Theme < 1.8.5 - Local File Inclusion Vulnerability |
| CVE-2025-58967 | WordPress Businext theme < 2.4.4 - Local File Inclusion vulnerability |
| CVE-2025-58973 | WordPress Easy Elementor Addons Plugin <= 2.2.8 - Local File Inclusion Vulnerability |
| CVE-2025-58994 | WordPress Greenify theme <= 2.2 - Local File Inclusion vulnerability |
| CVE-2025-58995 | WordPress Leblix Theme <= 2.4 - Local File Inclusion Vulnerability |
| CVE-2025-59550 | WordPress Xcare theme < 6.5 - Local File Inclusion vulnerability |
| CVE-2025-59555 | WordPress Medizin Theme < 1.9.7 - Local File Inclusion Vulnerability |
| CVE-2025-59558 | WordPress Billey Theme < 2.1.6 - Local File Inclusion Vulnerability |
| CVE-2025-59564 | WordPress EduMall Theme < 4.4.5 - Local File Inclusion Vulnerability |
| CVE-2025-59588 | WordPress Soledad Theme <= 8.6.8 - Local File Inclusion Vulnerability |
| CVE-2025-60042 | WordPress Chinchilla theme <= 1.16 - Local File Inclusion vulnerability |
| CVE-2025-60043 | WordPress Wanderic theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2025-60044 | WordPress Fribbo theme <= 1.1.0 - Local File Inclusion vulnerability |
| CVE-2025-60046 | WordPress HeartStar theme <= 1.0.14 - Local File Inclusion vulnerability |
| CVE-2025-60047 | WordPress IPharm theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-60048 | WordPress Tripster theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2025-60049 | WordPress Soleil theme <= 1.17 - Local File Inclusion vulnerability |
| CVE-2025-60050 | WordPress Panda theme <= 1.21 - Local File Inclusion vulnerability |
| CVE-2025-60051 | WordPress Rare Radio theme <= 1.0.15.1 - Local File Inclusion vulnerability |
| CVE-2025-60052 | WordPress W&D theme <= 1.0 - Local File Inclusion vulnerability |
| CVE-2025-60053 | WordPress MaxCube theme <= 1.3.1 - Local File Inclusion vulnerability |
| CVE-2025-60054 | WordPress OnLeash theme <= 1.5.2 - Local File Inclusion vulnerability |
| CVE-2025-60055 | WordPress Fabrica theme <= 1.8.1 - Local File Inclusion vulnerability |
| CVE-2025-60056 | WordPress Winger theme <= 1.0.16 - Local File Inclusion vulnerability |
| CVE-2025-60057 | WordPress DJ Rainflow theme <= 1.3.13 - Local File Inclusion vulnerability |
| CVE-2025-60058 | WordPress DetailX theme <= 1.10.0 - Local File Inclusion vulnerability |
| CVE-2025-60059 | WordPress smart SEO theme <= 2.12 - Local File Inclusion vulnerability |
| CVE-2025-60060 | WordPress Pubzinne theme <= 1.0.12 - Local File Inclusion vulnerability |
| CVE-2025-60061 | WordPress Kicker theme <= 2.2.0 - Local File Inclusion vulnerability |
| CVE-2025-60063 | WordPress Rosalinda theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-60064 | WordPress Renewal theme <= 1.2.2 - Local File Inclusion vulnerability |
| CVE-2025-60065 | WordPress Pinevale theme <= 1.0.14 - Local File Inclusion vulnerability |
| CVE-2025-60066 | WordPress Katelyn theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2025-60067 | WordPress Giardino theme <= 1.1.10 - Local File Inclusion vulnerability |
| CVE-2025-60069 | WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability |
| CVE-2025-60071 | WordPress Riode \| Multi-Purpose WooCommerce theme <= 1.6.23 - Local File Inclusion vulnerability |
| CVE-2025-60072 | WordPress Anchor smooth scroll plugin <= 1.0.2 - Local File Inclusion vulnerability |
| CVE-2025-60073 | WordPress Responsive Sidebar plugin <= 1.2.2 - Local File Inclusion vulnerability |
| CVE-2025-60074 | WordPress Lazy Load Optimizer plugin <= 1.4.7 - Local File Inclusion vulnerability |
| CVE-2025-60076 | WordPress Ray Enterprise Translation plugin <= 1.7.1 - Local File Inclusion vulnerability |
| CVE-2025-60078 | WordPress Task Manager plugin <= 3.0.2 - Local File Inclusion vulnerability |
| CVE-2025-60087 | WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability |
| CVE-2025-60126 | WordPress Testimonial Slider Plugin <= 3.5.8.6 - Local File Inclusion Vulnerability |
| CVE-2025-60150 | WordPress Subscribe to Download Plugin <= 2.0.9 - Local File Inclusion Vulnerability |
| CVE-2025-60153 | WordPress Subscribe To Unlock Plugin <= 1.1.5 - Local File Inclusion Vulnerability |
| CVE-2025-60189 | WordPress PoloPag – Pix Automático para Woocommerce plugin <= 2.0.9 - Local File Inclusion vulnerability |
| CVE-2025-60190 | WordPress Immocaster WordPress Plugin plugin <= 1.3.6 - Local File Inclusion vulnerability |
| CVE-2025-60191 | WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability |
| CVE-2025-60192 | WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability |
| CVE-2025-60193 | WordPress Premmerce User Roles plugin <= 1.0.13 - Local File Inclusion vulnerability |
| CVE-2025-60194 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Local File Inclusion vulnerability |
| CVE-2025-60196 | WordPress Clearblue® Ovulation Calculator plugin <= 1.2.4 - Local File Inclusion vulnerability |
| CVE-2025-60197 | WordPress Simple Contact Forms plugin <= 1.6.4 - Local File Inclusion vulnerability |
| CVE-2025-60198 | WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability |
| CVE-2025-60199 | WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability |
| CVE-2025-60200 | WordPress LearnPress Export Import plugin <= 4.0.9 - Local File Inclusion vulnerability |
| CVE-2025-60201 | WordPress WP Customer Area plugin <= 8.2.7 - Local File Inclusion vulnerability |
| CVE-2025-60202 | WordPress Favorites plugin <= 2.3.6 - Local File Inclusion vulnerability |
| CVE-2025-60203 | WordPress Store Exporter plugin <= 2.7.6 - Local File Inclusion vulnerability |
| CVE-2025-60204 | WordPress WooCommerce Store Toolkit plugin <= 2.4.3 - Local File Inclusion vulnerability |
| CVE-2025-60240 | WordPress AnyComment plugin <= 0.3.6 - Local File Inclusion vulnerability |
| CVE-2025-60241 | WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability |
| CVE-2025-60248 | WordPress WPC Product Options for WooCommerce plugin <= 1.8.6 - Local File Inclusion vulnerability |
| CVE-2025-62010 | WordPress Famita theme <= 1.54 - Local File Inclusion vulnerability |
| CVE-2025-62014 | WordPress ITok theme <= 1.1.42 - Local File Inclusion vulnerability |
| CVE-2025-62029 | WordPress Grevo theme <= 2.4 - Local File Inclusion vulnerability |
| CVE-2025-62045 | WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Local File Inclusion vulnerability |
| CVE-2025-62053 | WordPress Houzez theme < 4.2.0 - Local File Inclusion vulnerability |
| CVE-2025-62054 | WordPress Houzez Theme - Functionality plugin <= 4.1.8 - Local File Inclusion vulnerability |
| CVE-2025-62055 | WordPress Academist theme < 1.3 - Local File Inclusion vulnerability |
| CVE-2025-62066 | WordPress Revolution theme < 2.5.8 - Local File Inclusion vulnerability |
| CVE-2025-62067 | WordPress Savory theme <= 2.5 - Local File Inclusion vulnerability |
| CVE-2025-62075 | WordPress Simple Payment plugin <= 2.4.6 - Local File Inclusion vulnerability |
| CVE-2025-62753 | WordPress MAS Videos plugin <= 1.3.2 - Local File Inclusion vulnerability |
| CVE-2025-62868 | WordPress Edge CPT plugin <= 1.4 - Local File Inclusion vulnerability |
| CVE-2025-63003 | WordPress North - Required Plugin plugin <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2025-63017 | WordPress WerkStatt Plugin plugin <= 1.6.6 - Local File Inclusion vulnerability |
| CVE-2025-63036 | WordPress Ronneby Theme Core plugin <= 1.5.68 - Local File Inclusion vulnerability |
| CVE-2025-63062 | WordPress UDesign Core plugin <= 4.14.0 - Local File Inclusion vulnerability |
| CVE-2025-63074 | WordPress The7 theme <= 12.8.0.2 - Local File Inclusion vulnerability |
| CVE-2025-63076 | WordPress The7 Elements plugin <= 2.7.11 - Local File Inclusion vulnerability |
| CVE-2025-6326 | WordPress Inset theme <= 1.18.0 - Local File Inclusion Vulnerability |
| CVE-2025-64193 | WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability |
| CVE-2025-64195 | WordPress Eduma theme <= 5.7.6 - Local File Inclusion vulnerability |
| CVE-2025-64205 | WordPress Jannah theme <= 7.6.0 - Local File Inclusion vulnerability |
| CVE-2025-64216 | WordPress SmartMag theme <= 10.3.0 - Local File Inclusion vulnerability |
| CVE-2025-64223 | WordPress PenNews theme < 6.7.3 - Local File Inclusion vulnerability |
| CVE-2025-64284 | WordPress Majestic Support plugin <= 1.1.1 - Local File Inclusion vulnerability |
| CVE-2025-64287 | WordPress Alloggio - Hotel Booking Theme theme <= 1.8 - Local File Inclusion vulnerability |
| CVE-2025-64359 | WordPress Consulting theme < 6.7.5 - Local File Inclusion vulnerability |
| CVE-2025-64360 | WordPress Consulting Elementor Widgets plugin <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2025-64363 | WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability |
| CVE-2025-64364 | WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability |
| CVE-2025-64373 | WordPress Traveler theme < 3.2.6 - Local File Inclusion vulnerability |
| CVE-2025-64377 | WordPress ListingPro theme < 2.9.10 - Local File Inclusion vulnerability |
| CVE-2025-64714 | PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal |
| CVE-2025-66115 | WordPress Easy Invoice plugin <= 2.1.4 - Local File Inclusion vulnerability |
| CVE-2025-6746 | WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-67515 | WordPress Wilmër theme < 3.5 - Local File Inclusion vulnerability |
| CVE-2025-67521 | WordPress Select Core plugin < 2.6 - Local File Inclusion vulnerability |
| CVE-2025-67522 | WordPress Jobmonster theme <= 4.8.2 - Local File Inclusion vulnerability |
| CVE-2025-67523 | WordPress Exhibz theme <= 3.0.9 - Local File Inclusion vulnerability |
| CVE-2025-67524 | WordPress Jobmonster Elementor Addon plugin <= 1.1.4 - Local File Inclusion vulnerability |
| CVE-2025-67525 | WordPress ekommart theme < 4.3.1 - Local File Inclusion vulnerability |
| CVE-2025-67526 | WordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerability |
| CVE-2025-67527 | WordPress Digiqole theme < 2.2.7 - Local File Inclusion vulnerability |
| CVE-2025-67528 | WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability |
| CVE-2025-67529 | WordPress Fashion theme < 5.3.0 - Local File Inclusion vulnerability |
| CVE-2025-67530 | WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability |
| CVE-2025-67531 | WordPress Turitor theme < 1.5.3 - Local File Inclusion vulnerability |
| CVE-2025-67532 | WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability |
| CVE-2025-67615 | WordPress Myour theme <= 1.5.1 - Local File Inclusion vulnerability |
| CVE-2025-67616 | WordPress Mella theme <= 1.2.29 - Local File Inclusion vulnerability |
| CVE-2025-67920 | WordPress Neo Ocular theme < 1.2 - Local File Inclusion vulnerability |
| CVE-2025-67925 | WordPress Corpkit theme <= 2.0 - Local File Inclusion vulnerability |
| CVE-2025-67934 | WordPress Wellspring theme < 2.8 - Local File Inclusion vulnerability |
| CVE-2025-67935 | WordPress Optimize theme < 2.4 - Local File Inclusion vulnerability |
| CVE-2025-67936 | WordPress Curly theme < 3.3 - Local File Inclusion vulnerability |
| CVE-2025-67937 | WordPress Hendon theme < 1.7 - Local File Inclusion vulnerability |
| CVE-2025-67938 | WordPress Biagiotti theme < 3.5.2 - Local File Inclusion vulnerability |
| CVE-2025-67940 | WordPress Powerlift theme < 3.2.1 - Local File Inclusion vulnerability |
| CVE-2025-67941 | WordPress The Aisle theme < 2.9.1 - Local File Inclusion vulnerability |
| CVE-2025-67946 | WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability |
| CVE-2025-67955 | WordPress MyHome Core plugin <= 4.1.0 - Local File Inclusion vulnerability |
| CVE-2025-67957 | WordPress Listivo Core plugin <= 2.3.77 - Local File Inclusion vulnerability |
| CVE-2025-67980 | WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability |
| CVE-2025-67981 | WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability |
| CVE-2025-67982 | WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability |
| CVE-2025-67988 | WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability |
| CVE-2025-67992 | WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability |
| CVE-2025-68061 | WordPress EduMall theme <= 4.4.7 - Local File Inclusion vulnerability |
| CVE-2025-68062 | WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability |
| CVE-2025-68065 | WordPress Hub Core plugin <= 5.0.8 - Local File Inclusion vulnerability |
| CVE-2025-68066 | WordPress Soledad theme <= 8.7.0 - Local File Inclusion vulnerability |
| CVE-2025-68067 | WordPress Stockholm Core plugin <= 2.4.6 - Local File Inclusion vulnerability |
| CVE-2025-68068 | WordPress Stockholm theme <= 9.14.1 - Local File Inclusion vulnerability |
| CVE-2025-68506 | WordPress Docket Cache plugin <= 24.07.03 - Local File Inclusion vulnerability |
| CVE-2025-68510 | WordPress Photography theme < 7.7.5 - Local File Inclusion vulnerability |
| CVE-2025-68530 | WordPress Bookory theme <= 2.2.7 - Local File Inclusion vulnerability |
| CVE-2025-68536 | WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability |
| CVE-2025-68537 | WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability |
| CVE-2025-68539 | WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability |
| CVE-2025-68540 | WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability |
| CVE-2025-68543 | WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability |
| CVE-2025-68544 | WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability |
| CVE-2025-68545 | WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability |
| CVE-2025-68546 | WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability |
| CVE-2025-68552 | WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulnerability |
| CVE-2025-68560 | WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Local File Inclusion vulnerability |
| CVE-2025-68563 | WordPress Subscribe to Unlock Lite plugin <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2025-68841 | WordPress TopperPack – Complete Elementor Addons, theme & CPT Builder plugin <= 1.2.1 - Local File Inclusion vulnerability |
| CVE-2025-68870 | WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2025-68877 | WordPress CedCommerce Integration for Good Market plugin <= 1.0.6 - Local File Inclusion vulnerability |
| CVE-2025-68905 | WordPress JNews - Pay Writer plugin <= 11.0.0 - Local File Inclusion vulnerability |
| CVE-2025-68908 | WordPress Barberry theme <= 2.9.9.87 - Local File Inclusion vulnerability |
| CVE-2025-68913 | WordPress Miion theme <= 1.2.7 - Local File Inclusion vulnerability |
| CVE-2025-68974 | WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability |
| CVE-2025-68983 | WordPress Greenmart theme <= 4.2.11 - Local File Inclusion vulnerability |
| CVE-2025-68984 | WordPress Puca theme <= 2.6.39 - Local File Inclusion vulnerability |
| CVE-2025-68985 | WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability |
| CVE-2025-68987 | WordPress Cinerama - A WordPress Theme for Movie Studios and Filmmakers theme <= 2.4 - Local File Inclusion vulnerability |
| CVE-2025-68996 | WordPress Responsive Posts Carousel Pro plugin <= 15.1 - Local File Inclusion vulnerability |
| CVE-2025-69004 | WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability |
| CVE-2025-69005 | WordPress Search & Go theme <= 2.8 - Local File Inclusion vulnerability |
| CVE-2025-69034 | WordPress Lekker theme <= 1.8 - Local File Inclusion vulnerability |
| CVE-2025-69037 | WordPress Pippo theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2025-69038 | WordPress Hyori theme <= 1.3.6 - Local File Inclusion vulnerability |
| CVE-2025-69039 | WordPress Bailly theme <= 1.3.4 - Local File Inclusion vulnerability |
| CVE-2025-69040 | WordPress Bfres theme <= 1.2.1 - Local File Inclusion vulnerability |
| CVE-2025-69041 | WordPress Dekoro theme <= 1.0.7 - Local File Inclusion vulnerability |
| CVE-2025-69042 | WordPress Lindo theme <= 1.2.5 - Local File Inclusion vulnerability |
| CVE-2025-69043 | WordPress Rashy theme <= 1.1.3 - Local File Inclusion vulnerability |
| CVE-2025-69044 | WordPress Vango theme <= 1.3.3 - Local File Inclusion vulnerability |
| CVE-2025-69046 | WordPress iRecco Core plugin <= 1.3.6 - Local File Inclusion vulnerability |
| CVE-2025-69047 | WordPress MaxShop theme <= 3.6.20 - Local File Inclusion vulnerability |
| CVE-2025-69049 | WordPress Töbel theme <= 1.6 - Local File Inclusion vulnerability |
| CVE-2025-69050 | WordPress Overworld theme <= 1.3 - Local File Inclusion vulnerability |
| CVE-2025-69057 | WordPress Eldon theme <= 1.0 - Local File Inclusion vulnerability |
| CVE-2025-69058 | WordPress PartyMaker theme <= 1.1.15 - Local File Inclusion vulnerability |
| CVE-2025-69059 | WordPress DiveIt theme <= 1.4.3 - Local File Inclusion vulnerability |
| CVE-2025-69060 | WordPress uReach theme <= 1.3.3 - Local File Inclusion vulnerability |
| CVE-2025-69061 | WordPress MoveMe theme <= 1.2.15 - Local File Inclusion vulnerability |
| CVE-2025-69062 | WordPress Weedles theme <= 1.1.12 - Local File Inclusion vulnerability |
| CVE-2025-69064 | WordPress Pets Land theme <= 1.2.8 - Local File Inclusion vulnerability |
| CVE-2025-69065 | WordPress Snow Mountain theme <= 1.4.3 - Local File Inclusion vulnerability |
| CVE-2025-69066 | WordPress Indoor Plants theme <= 1.2.7 - Local File Inclusion vulnerability |
| CVE-2025-69067 | WordPress Tails theme <= 1.4.12 - Local File Inclusion vulnerability |
| CVE-2025-69068 | WordPress Muji theme <= 1.2.0 - Local File Inclusion vulnerability |
| CVE-2025-69070 | WordPress Tornados theme <= 2.1 - Local File Inclusion vulnerability |
| CVE-2025-69071 | WordPress TanTum theme <= 1.1.13 - Local File Inclusion vulnerability |
| CVE-2025-69072 | WordPress Prider theme <= 1.1.3.1 - Local File Inclusion vulnerability |
| CVE-2025-69073 | WordPress Piqes theme <= 1.0.11 - Local File Inclusion vulnerability |
| CVE-2025-69074 | WordPress Pearson Specter theme <= 1.11.3 - Local File Inclusion vulnerability |
| CVE-2025-69075 | WordPress Yolox theme <= 1.0.15 - Local File Inclusion vulnerability |
| CVE-2025-69076 | WordPress Modern Housewife theme <= 1.0.12 - Local File Inclusion vulnerability |
| CVE-2025-69077 | WordPress Hobo theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2025-69078 | WordPress Malta theme <= 1.3.3 - Local File Inclusion vulnerability |
| CVE-2025-69080 | WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability |
| CVE-2025-69081 | WordPress Hope theme <= 3.0.0 - Local File Inclusion vulnerability |
| CVE-2025-69083 | WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability |
| CVE-2025-69086 | WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability |
| CVE-2025-69087 | WordPress FreeAgent theme <= 2.1.2 - Local File Inclusion vulnerability |
| CVE-2025-69100 | WordPress North theme <= 5.7.5 - Local File Inclusion vulnerability |
| CVE-2025-69314 | WordPress Werkstatt theme < 4.8.3 - Local File Inclusion vulnerability |
| CVE-2025-69322 | WordPress PeakShops theme < 1.5.9 - Local File Inclusion vulnerability |
| CVE-2025-69342 | WordPress Calafate theme <= 1.7.7 - Local File Inclusion vulnerability |
| CVE-2025-69356 | WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability |
| CVE-2025-69373 | WordPress VidoRev theme <= 2.9.9.9.9.9.7 - Local File Inclusion vulnerability |
| CVE-2025-69374 | WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability |
| CVE-2025-69375 | WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability |
| CVE-2025-69383 | WordPress WP shop plugin <= 2.6.1 - Local File Inclusion vulnerability |
| CVE-2025-69387 | WordPress Simple Retail Menus plugin <= 4.2.1 - Local File Inclusion vulnerability |
| CVE-2025-69395 | WordPress Gable theme <= 1.5 - Local File Inclusion vulnerability |
| CVE-2025-69396 | WordPress Splendour theme <= 1.23 - Local File Inclusion vulnerability |
| CVE-2025-69397 | WordPress Tint theme <= 1.7 - Local File Inclusion vulnerability |
| CVE-2025-69398 | WordPress Plank theme <= 1.7 - Local File Inclusion vulnerability |
| CVE-2025-69399 | WordPress Cobble theme <= 1.7 - Local File Inclusion vulnerability |
| CVE-2025-69400 | WordPress Yokoo theme <= 1.1.11 - Local File Inclusion vulnerability |
| CVE-2025-69402 | WordPress R&F theme <= 1.5 - Local File Inclusion vulnerability |
| CVE-2025-69406 | WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability |
| CVE-2025-69407 | WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability |
| CVE-2025-69408 | WordPress HealthFirst theme <= 1.0.1 - Local File Inclusion vulnerability |
| CVE-2025-69409 | WordPress PJ \| Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability |
| CVE-2025-69410 | WordPress Belletrist theme <= 1.2 - Local File Inclusion vulnerability |
| CVE-2025-6991 | Kallyas <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-7327 | Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion |
| CVE-2025-7634 | WP Travel Engine – Tour Booking Plugin – Tour Operator Software <= 6.6.7 - Unauthenticated Local File Inclusion |
| CVE-2025-7650 | BizCalendar Web <= 1.1.0.50 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-7721 | JoomSport <= 5.7.3 - Unauthenticated Directory Traversal to Local File Inclusion |
| CVE-2025-8142 | Soledad <= 8.6.7 - Authenticated (Contributor+) Local File Inclusion via 'header_layout' |
| CVE-2025-8913 | WellChoose\|Organization Portal System - Local File Inclusion |
| CVE-2025-9874 | Ultimate Classified Listings <= 1.6 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2025-9990 | WordPress Helpdesk Integration <= 5.8.10 - Unauthenticated Local File Inclusion |
| CVE-2025-9991 | Tiny Bootstrap Elements Light <= 4.3.34 - Unauthenticated Local File Inclusion |
| CVE-2025-9993 | Bei Fen – WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion |
| CVE-2026-0926 | Prodigy Commerce <= 3.2.9 - Unauthenticated Local File Inclusion via parameters[template_name] |
| CVE-2026-1257 | Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute |
| CVE-2026-1988 | Flexi Product Slider and Grid for WooCommerce <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortc... |
| CVE-2026-22344 | WordPress FiveStar theme <= 1.7 - Local File Inclusion vulnerability |
| CVE-2026-22356 | WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability |
| CVE-2026-22361 | WordPress A-Mart theme <= 1.0.2 - Local File Inclusion vulnerability |
| CVE-2026-22362 | WordPress Photolia theme <= 1.0.3 - Local File Inclusion vulnerability |
| CVE-2026-22363 | WordPress Rhodos theme <= 1.3.3 - Local File Inclusion vulnerability |
| CVE-2026-22364 | WordPress SevenTrees theme <= 1.0.2 - Local File Inclusion vulnerability |
| CVE-2026-22365 | WordPress Soleng theme <= 1.0.5 - Local File Inclusion vulnerability |
| CVE-2026-22366 | WordPress Jude theme <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2026-22367 | WordPress Coworking theme <= 1.6.1 - Local File Inclusion vulnerability |
| CVE-2026-22368 | WordPress Redy theme <= 1.0.2 - Local File Inclusion vulnerability |
| CVE-2026-22369 | WordPress Ironfit theme <= 1.5 - Local File Inclusion vulnerability |
| CVE-2026-22370 | WordPress Marveland theme <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2026-22371 | WordPress Gustavo theme <= 1.2.2 - Local File Inclusion vulnerability |
| CVE-2026-22372 | WordPress Isida theme <= 1.4.2 - Local File Inclusion vulnerability |
| CVE-2026-22373 | WordPress Fooddy theme <= 1.3.10 - Local File Inclusion vulnerability |
| CVE-2026-22374 | WordPress Zio Alberto theme <= 1.2.2 - Local File Inclusion vulnerability |
| CVE-2026-22375 | WordPress Impacto Patronus theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2026-22376 | WordPress Parkivia theme <= 1.1.9 - Local File Inclusion vulnerability |
| CVE-2026-22377 | WordPress Saveo theme <= 1.1.2 - Local File Inclusion vulnerability |
| CVE-2026-22378 | WordPress Blabber theme <= 1.7.0 - Local File Inclusion vulnerability |
| CVE-2026-22379 | WordPress Netmix theme <= 1.0.10 - Local File Inclusion vulnerability |
| CVE-2026-22380 | WordPress UnlimHost theme <= 1.2.3 - Local File Inclusion vulnerability |
| CVE-2026-22381 | WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Local File Inclusion vulnerability |
| CVE-2026-22401 | WordPress Freshio theme <= 2.4.2 - Local File Inclusion vulnerability |
| CVE-2026-22402 | WordPress Triply theme <= 2.4.7 - Local File Inclusion vulnerability |
| CVE-2026-22464 | WordPress My auctions allegro plugin <= 3.6.33 - Local File Inclusion vulnerability |
| CVE-2026-22521 | WordPress Handmade Framework plugin <= 3.9 - Local File Inclusion vulnerability |
| CVE-2026-23975 | WordPress Golo theme < 1.7.5 - Local File Inclusion vulnerability |
| CVE-2026-23978 | WordPress Gyan Elements plugin <= 2.2.1 - Local File Inclusion vulnerability |
| CVE-2026-24390 | WordPress Kentha Elementor Widgets plugin < 3.1 - Local File Inclusion vulnerability |
| CVE-2026-24531 | WordPress Prowess theme <= 2.3 - Local File Inclusion vulnerability |
| CVE-2026-24538 | WordPress Omnipress plugin <= 1.6.6 - Local File Inclusion vulnerability |
| CVE-2026-24608 | WordPress Laurent Core plugin <= 2.4.1 - Local File Inclusion vulnerability |
| CVE-2026-24609 | WordPress Laurent theme <= 3.1 - Local File Inclusion vulnerability |
| CVE-2026-24635 | WordPress EduBlink Core plugin <= 2.0.7 - Local File Inclusion vulnerability |
| CVE-2026-25027 | WordPress Unicamp theme <= 2.7.1 - Local File Inclusion vulnerability |
| CVE-2026-25326 | WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability |
| CVE-2026-25548 | InvoicePlane Vulnerable to Remote Code Execution via Local File Inclusion and Log Poisoning |
| CVE-2026-27052 | WordPress Sales Countdown Timer for WooCommerce and WordPress plugin <= 1.1.8.1 - Local File Inclusion vulnerability |
| CVE-2026-27343 | WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability |
NKTsKI vulnerabilities
NKTsKI bulletins - software vulnerabilities
| Identifier | Bulletin date | Description |
|---|---|---|
| VULN:20240517-39 | 17.05.2024 | Arbitrary code execution in Moodle |
| VULN:20240517-40 | 17.05.2024 | Arbitrary code execution in Moodle |
| VULN:20240517-41 | 17.05.2024 | Arbitrary code execution in Moodle |
| VULN:20240517-42 | 17.05.2024 | Arbitrary code execution in Moodle |
| VULN:20241007-42 | 07.10.2024 | Arbitrary code execution in Optigo Networks ONS-S8 Spectra Aggregation Switch |
| VULN:20250117-48 | 17.01.2025 | Disclosure of confidential information in ABB ASPECT-Enterprise, NEXUS, and MATRIX Series products |