Search Results (1243 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-34893 2 Webgeniuslab, Wordpress 2 Thegov Core, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.
CVE-2026-34894 2 Webgeniuslab, Wordpress 2 Integrio Core, Wordpress 2026-06-23 8.1 High
Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.
CVE-2026-7515 2 Betterdocs, Wordpress 2 Betterdocs Pro, Wordpress 2026-06-22 9.8 Critical
The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
CVE-2019-25760 1 Joomtech 1 Easy Shop 2026-06-22 6.2 Medium
Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send GET requests to index.php with the option parameter set to com_easyshop, task set to ajax.loadImage, and a base64-encoded file path in the file parameter to retrieve sensitive files like configuration.php and system files.
CVE-2026-34895 2 Webgeniuslab, Wordpress 2 Softlab Core, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Softlab Core < 1.2.11 versions.
CVE-2025-69110 2 Themerex, Wordpress 2 Airsupply, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
CVE-2025-69161 2 Themerex, Wordpress 2 Snowy, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Snowy <= 1.13 versions.
CVE-2025-69171 2 Themerex, Wordpress 2 Orpheus, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Orpheus <= 1.3 versions.
CVE-2026-39582 2 Wordpress, Xtemos 2 Wordpress, Hitek 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
CVE-2025-69115 2 Themerex, Wordpress 2 Luxmed | Medicine & Healthcare Doctor Wordpress Theme, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
CVE-2025-69144 2 Themerex, Wordpress 2 Preservation, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Preservation <= 1.10 versions.
CVE-2025-69164 2 Themerex, Wordpress 2 Skyward, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Skyward <= 1.10 versions.
CVE-2025-69170 2 Themerex, Wordpress 2 Eventicity, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Eventicity <= 1.5 versions.
CVE-2025-69175 2 Themerex, Wordpress 2 Line Agency, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
CVE-2026-39559 2 Codesupplyco, Wordpress 2 Uppercase, Wordpress 2026-06-20 8.1 High
Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
CVE-2026-48820 1 Cakephp 1 Cakephp 2026-06-18 N/A
CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, and 5.3.0 through 5.3.5, View::_getElementFileName() does not check that the resolved element path is within the application/plugin view template paths. When element names are created with specifically crafted user-supplied data this weakness can be leveraged to include other PHP files on the server. Patched releases are available in 5.3.6, 5.2.13, 5.1.7, 4.6.4, and 4.5.11.
CVE-2025-49403 2 Aa-team, Wordpress 2 Premium Age Verification Restriction For Wordpress, Wordpress 2026-06-17 7.5 High
Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.
CVE-2026-39537 2 Mikado-themes, Wordpress 2 Mikado Core, Wordpress 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
CVE-2026-39549 2 Elated-themes, Wordpress 2 Aperitif, Wordpress 2026-06-17 8.1 High
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
CVE-2026-49954 1 Discuz 1 Discuzx 2026-06-16 7.2 High
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigger an exception during plugin installation to bypass sanitization routines, causing malicious paths to be stored unsanitized and subsequently passed to include(), which combined with file upload functionality escalates to arbitrary code execution in the context of the web server user.