CWE-98— PHP Remote File Inclusion
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.— MITRE CWE catalog
1,240 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-98page 17 of 25
- CVE-2025-69041HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Dekoro dekoro allows PHP Local File Inclusion.This issue affects Dekoro: from n/a through <= 1.0.7.
- CVE-2025-69042HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through <= 1.2.5.
- CVE-2025-69043HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Rashy rashy allows PHP Local File Inclusion.This issue affects Rashy: from n/a through <= 1.1.3.
- CVE-2025-69044HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Vango vango allows PHP Local File Inclusion.This issue affects Vango: from n/a through <= 1.3.3.
- CVE-2025-69046HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebGeniusLab iRecco Core irecco-core allows PHP Local File Inclusion.This issue affects iRecco Core: from n/a through …
- CVE-2025-69047HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech MaxShop sw_maxshop allows PHP Local File Inclusion.This issue affects MaxShop: from n/a through <= 3.6.20.
- CVE-2025-69049HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Töbel tobel allows PHP Local File Inclusion.This issue affects Töbel: from n/a through <= 1.6.
- CVE-2025-69050HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through <= 1.3.
- CVE-2025-69057HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion.This issue affects Eldon: from n/a through <= 1.0.
- CVE-2025-69058HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through <= …
- CVE-2025-69059HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes DiveIt diveit allows PHP Local File Inclusion.This issue affects DiveIt: from n/a through <= 1.4.3.
- CVE-2025-69060HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes uReach ureach allows PHP Local File Inclusion.This issue affects uReach: from n/a through <= 1.3.3.
- CVE-2025-69061HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion.This issue affects MoveMe: from n/a through <= 1.2.15.
- CVE-2025-69062HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Weedles weedles allows PHP Local File Inclusion.This issue affects Weedles: from n/a through <= 1.1.12.
- CVE-2025-69064HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pets Land petsland allows PHP Local File Inclusion.This issue affects Pets Land: from n/a through <= 1.2.…
- CVE-2025-69065HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion.This issue affects Snow Mountain: from n/a thr…
- CVE-2025-69066HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Indoor Plants indoor-plants allows PHP Local File Inclusion.This issue affects Indoor Plants: from n/a th…
- CVE-2025-69067HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tails tails allows PHP Local File Inclusion.This issue affects Tails: from n/a through <= 1.4.12.
- CVE-2025-69068HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Muji muji allows PHP Local File Inclusion.This issue affects Muji: from n/a through <= 1.2.0.
- CVE-2025-69070HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tornados tornados allows PHP Local File Inclusion.This issue affects Tornados: from n/a through <= 2.1.
- CVE-2025-69071HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes TanTum tantum allows PHP Local File Inclusion.This issue affects TanTum: from n/a through <= 1.1.13.
- CVE-2025-69072HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Prider prider allows PHP Local File Inclusion.This issue affects Prider: from n/a through <= 1.1.3.1.
- CVE-2025-69073HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Piqes piqes allows PHP Local File Inclusion.This issue affects Piqes: from n/a through <= 1.0.11.
- CVE-2025-69074HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.This issue affects Pearson Specter: from n…
- CVE-2025-69075HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Yolox yolox allows PHP Local File Inclusion.This issue affects Yolox: from n/a through <= 1.0.15.
- CVE-2025-69076HIGHCVSS 8.1EG 8.12026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion.This issue affects Modern Housewife: fro…
- CVE-2025-69077HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Hobo hobo allows PHP Local File Inclusion.This issue affects Hobo: from n/a through <= 1.0.10.
- CVE-2025-69078HIGHCVSS 8.1EG 9.82026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through <= 1.3.3.
- CVE-2025-69080HIGHCVSS 8.1EG 8.12026-01-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through <= 1.9.8.
- CVE-2025-69081HIGHCVSS 8.1EG 8.12026-01-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through <= 3.0.0.
- CVE-2025-69083HIGHCVSS 8.1EG 8.12026-01-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé frappe allows PHP Local File Inclusion.This issue affects Frappé: from n/a through <= 1.8.
- CVE-2025-69086HIGHCVSS 8.1EG 8.12026-01-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes Issabella issabella allows PHP Local File Inclusion.This issue affects Issabella: from n/a through <= 1.1.2.
- CVE-2025-69087HIGHCVSS 8.1EG 8.12026-01-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent freeagent allows PHP Local File Inclusion.This issue affects FreeAgent: from n/a through <= 2.1.2.
- CVE-2025-69090HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through <= 1.3.4.
- CVE-2025-69100HIGHCVSS 8.1EG 8.22026-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through <= 5.7.5.
- CVE-2025-69105HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Modernee <= 1.6.0 versions.
- CVE-2025-69106HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions.
- CVE-2025-69107HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Rosaleen <= 2.8 versions.
- CVE-2025-69109HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Raider Spirit <= 1.1.2 versions.
- CVE-2025-69110HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions.
- CVE-2025-69112HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Planty <= 1.14.0 versions.
- CVE-2025-69113HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Nexio <= 1.10.0 versions.
- CVE-2025-69114HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in MaxiNet <= 1.2.10 versions.
- CVE-2025-69115HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions.
- CVE-2025-69116HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Iona <= 1.0.8 versions.
- CVE-2025-69117HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Ingenioso <= 1.14.0 versions.
- CVE-2025-69118HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in CopyPress <= 1.4.5 versions.
- CVE-2025-69119HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Corbesier <= 1.15.0 versions.
- CVE-2025-69120HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions.
- CVE-2025-69121HIGHCVSS 8.1EG 8.12026-06-17
Unauthenticated Local File Inclusion in Deliciosa <= 1.10.0 versions.
Map vulnerabilities like CWE-98 to your infrastructure
EchelonGraph correlates every CVE — across CWE-98 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →