CWE-98— PHP Remote File Inclusion
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.— MITRE CWE catalog
1,240 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-98page 11 of 25
- CVE-2025-53198HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4.
- CVE-2025-53204HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through <= 1.9.2.
- CVE-2025-53207HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows PHP Local File Inclusion.This issue affects WP Travel Gut…
- CVE-2025-53210HIGHCVSS 7.5EG 7.52025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks zoloblocks allows PHP Local File Inclusion.This issue affects ZoloBlocks: from n/a through <= 2.3.…
- CVE-2025-53216HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeuniver Glamer glamer allows PHP Local File Inclusion.This issue affects Glamer: from n/a through <= 1.0.2.
- CVE-2025-53227HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magazine Saga magazine-saga allows PHP Local File Inclusion.This issue affects Magazine Saga: from n/a throug…
- CVE-2025-53244HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magazine Elite magazine-elite allows PHP Local File Inclusion.This issue affects Magazine Elite: from n/a thr…
- CVE-2025-53247HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpinterface BlogMarks blogmarks allows PHP Local File Inclusion.This issue affects BlogMarks: from n/a through <= 1.0.…
- CVE-2025-53248HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magazine eximious-magazine allows PHP Local File Inclusion.This issue affects Magazine: from n/a through <= 1…
- CVE-2025-53252HIGHCVSS 7.5EG 9.82025-11-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Zegen zegen allows PHP Local File Inclusion.This issue affects Zegen: from n/a through <= 1.1.9.
- CVE-2025-53257HIGHCVSS 7.5EG 7.52025-06-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Serhii Pasyuk Gmedia Photo Gallery grand-media allows PHP Local File Inclusion.This issue affects Gmedia Photo Gallery…
- CVE-2025-53259HIGHCVSS 7.5EG 7.52025-06-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nicdark Hotel Booking nd-booking allows PHP Local File Inclusion.This issue affects Hotel Booking: from n/a through <=…
- CVE-2025-53281HIGHCVSS 7.5EG 7.52025-06-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPBean WPB Category Slider for WooCommerce wpb-woocommerce-category-slider allows PHP Local File Inclusion.This issue …
- CVE-2025-53326HIGHCVSS 7.5EG 7.52025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodeYatri Gutenify gutenify allows PHP Local File Inclusion.This issue affects Gutenify: from n/a through <= 1.5.4.
- CVE-2025-53328HIGHCVSS 7.5EG 7.52025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Opinion Stage Poll, Survey & Quiz Maker Plugin by Opinion Stage social-polls-by-opinionstage allows PHP Local File Inc…
- CVE-2025-53334HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through < 7.5.1.
- CVE-2025-53335HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Berger berger allows PHP Local File Inclusion.This issue affects Berger: from n/a through <= 1.1.1.
- CVE-2025-53339HIGHCVSS 7.5EG 7.52025-06-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor devnex-addons-for-elementor allows PHP Local File Inclusion.This issue affects Devn…
- CVE-2025-53429HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Exit Game exit-game allows PHP Local File Inclusion.This issue affects Exit Game: from n/a through <= 1.4…
- CVE-2025-53430HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Etta etta allows PHP Local File Inclusion.This issue affects Etta: from n/a through <= 1.14.0.
- CVE-2025-53431HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Emberlyn emberlyn allows PHP Local File Inclusion.This issue affects Emberlyn: from n/a through <= 1.3.1.
- CVE-2025-53432HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Echo echo allows PHP Local File Inclusion.This issue affects Echo: from n/a through <= 1.15.0.
- CVE-2025-53433CRITICALCVSS 9.8EG 9.82025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes EasyEat easyeat allows PHP Local File Inclusion.This issue affects EasyEat: from n/a through <= 1.9.0.
- CVE-2025-53434HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ChildHope childhope allows PHP Local File Inclusion.This issue affects ChildHope: from n/a through <= 1.1…
- CVE-2025-53435HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Plan My Day planmyday allows PHP Local File Inclusion.This issue affects Plan My Day: from n/a through <= …
- CVE-2025-53436HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Monki monki allows PHP Local File Inclusion.This issue affects Monki: from n/a through <= 2.0.5.
- CVE-2025-53437HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Greenorganic greenorganic allows PHP Local File Inclusion.This issue affects Greenorganic: from n/a through …
- CVE-2025-53438HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitLine fitline allows PHP Local File Inclusion.This issue affects FitLine: from n/a through <= 1.6.
- CVE-2025-53439HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Harper harper allows PHP Local File Inclusion.This issue affects Harper: from n/a through <= 1.13.
- CVE-2025-53440HIGHCVSS 8.1EG 8.12026-06-02
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Confidant allows PHP Local File Inclusion. This issue affects Confidant: from n/a through 1.4.
- CVE-2025-53441HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Greeny greeny allows PHP Local File Inclusion.This issue affects Greeny: from n/a through <= 2.6.
- CVE-2025-53442HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rentic rentic allows PHP Local File Inclusion.This issue affects Rentic: from n/a through <= 1.1.
- CVE-2025-53443HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Smash smash allows PHP Local File Inclusion.This issue affects Smash: from n/a through <= 1.7.
- CVE-2025-53445HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Catwalk catwalk allows PHP Local File Inclusion.This issue affects Catwalk: from n/a through <= 1.4.
- CVE-2025-53446HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Beautique beautique allows PHP Local File Inclusion.This issue affects Beautique: from n/a through <= 1.5.
- CVE-2025-53447HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Assembly assembly allows PHP Local File Inclusion.This issue affects Assembly: from n/a through <= 1.1.
- CVE-2025-53448HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rally rally allows PHP Local File Inclusion.This issue affects Rally: from n/a through <= 1.1.
- CVE-2025-53449HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Convex convex allows PHP Local File Inclusion.This issue affects Convex: from n/a through <= 1.11.
- CVE-2025-53450HIGHCVSS 7.5EG 7.52025-09-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pluginwale Easy Pricing Table WP easy-pricing-table-wp allows PHP Local File Inclusion.This issue affects Easy Pricing…
- CVE-2025-53453HIGHCVSS 8.1EG 8.22025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16.
- CVE-2025-53565HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews business-reviews-wp allows PHP Local File Inclusion.This issue affects Widget fo…
- CVE-2025-53567HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a through <= 3.4.1.
- CVE-2025-53576HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Ovatheme Events ova-events allows PHP Local File Inclusion.This issue affects Ovatheme Events: from n/a throu…
- CVE-2025-53578HIGHCVSS 8.1EG 8.12025-08-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kipso kipso allows PHP Local File Inclusion.This issue affects Kipso: from n/a through <= 1.3.4.
- CVE-2025-54003HIGHCVSS 8.1EG 9.82026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16.
- CVE-2025-54015MEDIUMCVSS 6.6EG 6.62025-07-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins HT Contact Form 7 ht-contactform allows PHP Local File Inclusion.This issue affects HT Contact Form 7: from…
- CVE-2025-54017HIGHCVSS 7.5EG 7.52025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid…
- CVE-2025-54028HIGHCVSS 7.5EG 7.52025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affects CF7 WOW Styler: …
- CVE-2025-54031HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board supportboard allows PHP Local File Inclusion.This issue affects Support Board: from n/a through…
- CVE-2025-54034HIGHCVSS 7.5EG 7.52025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters newsletters-lite allows PHP Local File Inclusion.This issue affects Newsletters: from n…
Map vulnerabilities like CWE-98 to your infrastructure
EchelonGraph correlates every CVE — across CWE-98 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →