CWE-98— PHP Remote File Inclusion
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.— MITRE CWE catalog
1,240 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-98page 5 of 25
- CVE-2025-2101HIGHCVSS 8.1EG 8.12025-04-26
The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated atta…
- CVE-2025-22145MEDIUMCVSS 6.3EG 6.32025-01-08
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder …
- CVE-2025-22279HIGHCVSS 7.5EG 7.52025-04-10
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetCompareWishlist jet-compare-wishlist allows PHP Local File Inclusion.This issue affects JetCompareWishli…
- CVE-2025-22305MEDIUMCVSS 6.5EG 6.52025-01-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugin Hero Banner Ultimate hero-banner-ultimate allows PHP Local File Inclusion.This issue affects Hero Ban…
- CVE-2025-22311HIGHCVSS 7.5EG 7.52025-01-21
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging.This issue affects Private Messages for UserPro: from n/a …
- CVE-2025-22364HIGHCVSS 7.5EG 7.52025-01-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Service Shogun Ach Invoice App ach-invoice-app allows PHP Local File Inclusion.This issue affects Ach Invoice App: fro…
- CVE-2025-22508HIGHCVSS 8.1EG 8.12025-01-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a thro…
- CVE-2025-22509HIGHCVSS 8.1EG 9.82026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion.This issue affects Atlas: from n/a through <= 2.1.0.
- CVE-2025-22656HIGHCVSS 8.1EG 8.12025-02-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Oscar Alvarez Cookie Monster cookie-monster allows PHP Local File Inclusion.This issue affects Cookie Monster: from n/…
- CVE-2025-22707HIGHCVSS 8.1EG 9.82026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3.
- CVE-2025-22708HIGHCVSS 8.1EG 9.82026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4.
- CVE-2025-22712HIGHCVSS 8.1EG 9.82026-01-08
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects Typify: from n/a through <= 3.0.2.
- CVE-2025-23915HIGHCVSS 7.5EG 7.52025-01-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a thro…
- CVE-2025-23937HIGHCVSS 8.1EG 8.12025-03-26
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion.This issue affects LinkedIn Lite: from n/a throu…
- CVE-2025-23938HIGHCVSS 7.5EG 7.52025-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CRUDLab Image Gallery Box by CRUDLab image-gallery-box-by-crudlab allows PHP Local File Inclusion.This issue affects I…
- CVE-2025-23945HIGHCVSS 7.5EG 7.52025-03-03
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Webliup Popliup popliup allows PHP Local File Inclusion.This issue affects Popliup: from n/a through <= 1.1.1.
- CVE-2025-23948HIGHCVSS 8.1EG 8.12025-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Webarea Background animation blocks background-animation-blocks allows PHP Local File Inclusion.This issue affects Bac…
- CVE-2025-23949HIGHCVSS 8.1EG 8.12025-01-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dzeriho Improved Sale Badges – Free Version improved-sale-badges-free-version allows PHP Local File Inclusion.This i…
- CVE-2025-23952HIGHCVSS 8.1EG 8.12025-03-26
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ntm custom-field-list-widget custom-field-list-widget allows PHP Local File Inclusion.This issue affects custom-field-…
- CVE-2025-24690HIGHCVSS 8.1EG 8.12025-03-26
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1…
- CVE-2025-24733MEDIUMCVSS 6.5EG 6.52025-01-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows PHP Local File Inclusion.This issue affects Post Grid Ma…
- CVE-2025-24760HIGHCVSS 8.1EG 8.12025-06-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass sofass allows PHP Local File Inclusion.This issue affects Sofass: from n/a through <= 1.3.4.
- CVE-2025-24761HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK dsk allows PHP Local File Inclusion.This issue affects DSK: from n/a through < 2.4.
- CVE-2025-24766HIGHCVSS 7.5EG 7.52025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wproyal News Magazine X news-magazine-x allows PHP Local File Inclusion.This issue affects News Magazine X: from n/a t…
- CVE-2025-24768HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Nitan snsnitan allows PHP Local File Inclusion.This issue affects Nitan: from n/a through <= 2.9.
- CVE-2025-24769HIGHCVSS 8.1EG 8.12025-06-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion.This issue affects Zenny: from n/a through <= 1.7.5.
- CVE-2025-24770HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in BZOTheme CraftXtore bw-craftxtore allows PHP Local File Inclusion.This issue affects CraftXtore: from n/a through <= 1…
- CVE-2025-24782MEDIUMCVSS 6.5EG 6.52025-01-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate post-grid-carousel-ultimate allows PHP Local File Inclusion.This issue aff…
- CVE-2025-24937CRITICALCVSS 9.0EG 9.02025-07-21
File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable comp…
- CVE-2025-25109HIGHCVSS 8.1EG 8.12025-03-03
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky WP Vehicle Manager js-vehicle-manager allows PHP Local File Inclusion.This issue affects WP Vehicle Manager: f…
- CVE-2025-25141HIGHCVSS 7.5EG 7.52025-02-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup fami-sales-popup allows PHP Local File Inclusion.This issue affects Fami Sales Popup: from n…
- CVE-2025-25172HIGHCVSS 8.1EG 8.12025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 VidMov vidmov allows PHP Local File Inclusion.This issue affects VidMov: from n/a through <= 1.9.4.
- CVE-2025-25174CRITICALCVSS 10.0EG 10.02025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion.This issue affects BeeTeam368 E…
- CVE-2025-25539MEDIUMCVSS 6.5EG 6.52025-05-21
Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.
- CVE-2025-26137HIGHCVSS 7.5EG 7.52025-03-18
Systemic Risk Value <=2.8.0 is vulnerable to Local File Inclusion via /GetFile.aspx?ReportUrl=. An unauthenticated attacker can exploit this issue to read arbitrary system files by supplying a crafted file path, potentially exposing sensit…
- CVE-2025-26592HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lab lab allows PHP Local File Inclusion.This issue affects Lab: from n/a through <= 1.0.0.
- CVE-2025-26735HIGHCVSS 7.5EG 7.52025-05-19
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip.This issue affects Grip: from n/a through 1.0.9.
- CVE-2025-26757HIGHCVSS 7.5EG 7.52025-02-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File Inclusion.This issue affects FULL Customer: from n/a t…
- CVE-2025-26760HIGHCVSS 7.5EG 7.52025-02-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder calculator-builder allows PHP Local File Inclusion.This issue affects Calculator Builde…
- CVE-2025-26889HIGHCVSS 7.5EG 7.52025-04-15
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hockeydata hockeydata LOS hockeydata-los allows PHP Local File Inclusion.This issue affects hockeydata LOS: from n/a t…
- CVE-2025-26890HIGHCVSS 7.5EG 7.52025-03-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a throug…
- CVE-2025-26894HIGHCVSS 7.5EG 7.52025-04-15
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mobeen Abdullah Coming Soon, Maintenance Mode site-mode allows PHP Local File Inclusion.This issue affects Coming Soon…
- CVE-2025-26909CRITICALCVSS 9.6EG 9.62025-03-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a …
- CVE-2025-26916CRITICALCVSS 9.0EG 9.02025-03-10
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Pixflow Massive Dynamic massive-dynamic.This issue affects Massive Dynamic: from n/a through <= 8.2.
- CVE-2025-26932HIGHCVSS 7.5EG 7.52025-02-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot chatbot allows PHP Local File Inclusion.This issue affects ChatBot: from n/a through <= 6.3.5.
- CVE-2025-26933HIGHCVSS 7.5EG 7.52025-03-10
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment wc-place-order-without-payment allows PHP Local File Inclusion.This issue…
- CVE-2025-26957HIGHCVSS 7.5EG 7.52025-02-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Deetronix Affiliate Coupons affiliate-coupons allows PHP Local File Inclusion.This issue affects Affiliate Coupons: fr…
- CVE-2025-26964HIGHCVSS 7.5EG 7.52025-02-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.…
- CVE-2025-26979HIGHCVSS 7.5EG 7.52025-02-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows PHP Local File Inclusion.This issue affects Funnel Builder by F…
- CVE-2025-26985HIGHCVSS 8.1EG 8.12025-02-25
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support…
Map vulnerabilities like CWE-98 to your infrastructure
EchelonGraph correlates every CVE — across CWE-98 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →