CWE-98— PHP Remote File Inclusion
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.— MITRE CWE catalog
1,240 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-98page 22 of 25
- CVE-2026-27075HIGHCVSS 8.1EG 8.12026-03-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0.
- CVE-2026-27076HIGHCVSS 8.1EG 8.12026-03-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through <= 1.…
- CVE-2026-27077HIGHCVSS 8.1EG 8.12026-03-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through…
- CVE-2026-27078HIGHCVSS 8.1EG 8.12026-03-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1.
- CVE-2026-27079HIGHCVSS 8.1EG 8.12026-03-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1.
- CVE-2026-27080HIGHCVSS 8.1EG 8.12026-03-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through <= 1.0.
- CVE-2026-27081HIGHCVSS 8.1EG 8.12026-03-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4.
- CVE-2026-27093HIGHCVSS 8.1EG 8.12026-03-19
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through < 1.5.6.
- CVE-2026-27097HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue …
- CVE-2026-27326HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local…
- CVE-2026-27334HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dan_fisher Alchemists alchemists allows PHP Local File Inclusion.This issue affects Alchemists: from n/a through <= 4.…
- CVE-2026-27335HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows PHP Local File Inclusion.This issue af…
- CVE-2026-27336HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Theme consultor allows PHP Local File Inclus…
- CVE-2026-27337HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issu…
- CVE-2026-27339HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme buzzstone allows PHP Local File Inclusion.This issue a…
- CVE-2026-27340HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Local File Inclusion.This issue affects A…
- CVE-2026-27341HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScore…
- CVE-2026-27342HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local File Inclusion.This issue affects TopFi…
- CVE-2026-27343HIGHCVSS 7.5EG 7.52026-02-19
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Airtifact airtifact allows PHP Local File Inclusion.This issue affects Airtifact: from n/a through <= 1.2.91.
- CVE-2026-27381HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.
- CVE-2026-27383HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through <= 2.13.
- CVE-2026-27412HIGHCVSS 8.1EG 8.12026-07-02
Unauthenticated Local File Inclusion in Pearl - Corporate Business <= 3.4.10 versions.
- CVE-2026-27985HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Humanum: from n/a through <= 1.1.4.
- CVE-2026-27986HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects OsTende: from n/a through <= 1.4.3.
- CVE-2026-27987HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects The Qlean: from n/a through <= 2.12.
- CVE-2026-27988HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Equadio equadio allows PHP Local File Inclusion.This issue affects Equadio: from n/a through <= 1.1.3.
- CVE-2026-27989HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quanzo: from n/a through <= 1.0.10.
- CVE-2026-27990HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows PHP Local File Inclusion.This issue affects ConFix: from n/a through <= 1.013.
- CVE-2026-27991HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Avventure avventure allows PHP Local File Inclusion.This issue affects Avventure: from n/a through <= 1.1.12.
- CVE-2026-27992HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Meals & Wheels meals-wheels allows PHP Local File Inclusion.This issue affects Meals & Wheels: from n/a throu…
- CVE-2026-27993HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aldo aldo allows PHP Local File Inclusion.This issue affects Aldo: from n/a through <= 1.0.10.
- CVE-2026-27994HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tediss tediss allows PHP Local File Inclusion.This issue affects Tediss: from n/a through <= 1.2.4.
- CVE-2026-27995HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Justitia justitia allows PHP Local File Inclusion.This issue affects Justitia: from n/a through <= 1.1.0.
- CVE-2026-27996HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affects Lingvico: from n/a through <= 1.0.14.
- CVE-2026-27997HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Maxify maxify allows PHP Local File Inclusion.This issue affects Maxify: from n/a through <= 1.0.16.
- CVE-2026-27998HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vixus vixus allows PHP Local File Inclusion.This issue affects Vixus: from n/a through <= 1.0.16.
- CVE-2026-28006HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yungen yungen allows PHP Local File Inclusion.This issue affects Yungen: from n/a through <= 1.0.12.
- CVE-2026-28007HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coinpress coinpress allows PHP Local File Inclusion.This issue affects Coinpress: from n/a through <= 1.0.14.
- CVE-2026-28009HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects DroneX: from n/a through <= 1.1.12.
- CVE-2026-28010HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion.This issue affects Scientia: from n/a through <= 1.2.4.
- CVE-2026-28011HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yottis yottis allows PHP Local File Inclusion.This issue affects Yottis: from n/a through <= 1.0.10.
- CVE-2026-28012HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gridiron gridiron allows PHP Local File Inclusion.This issue affects Gridiron: from n/a through <= 1.0.14.
- CVE-2026-28013HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Kratz: from n/a through <= 1.0.12.
- CVE-2026-28014HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Translogic translogic allows PHP Local File Inclusion.This issue affects Translogic: from n/a through <= 1.2.…
- CVE-2026-28015HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ShiftCV shift-cv allows PHP Local File Inclusion.This issue affects ShiftCV: from n/a through <= 3.0.14.
- CVE-2026-28016HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Luxury Wine luxury-wine allows PHP Local File Inclusion.This issue affects Luxury Wine: from n/a through <= 1…
- CVE-2026-28017HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Green Thumb greenthumb allows PHP Local File Inclusion.This issue affects Green Thumb: from n/a through <= 1.…
- CVE-2026-28018HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Global Logistics globallogistics allows PHP Local File Inclusion.This issue affects Global Logistics: from n/…
- CVE-2026-28019HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Manoir manoir allows PHP Local File Inclusion.This issue affects Manoir: from n/a through <= 1.11.
- CVE-2026-28020HIGHCVSS 8.1EG 8.12026-03-05
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Chroma chroma allows PHP Local File Inclusion.This issue affects Chroma: from n/a through <= 1.11.
Map vulnerabilities like CWE-98 to your infrastructure
EchelonGraph correlates every CVE — across CWE-98 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →