CWE-98— PHP Remote File Inclusion
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.— MITRE CWE catalog
1,240 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-98page 7 of 25
- CVE-2025-31432HIGHCVSS 7.5EG 7.52025-03-28
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Chop Chop Pop-Up Chop Chop pop-up allows PHP Local File Inclusion.This issue affects Pop-Up Chop Chop: from n/a throug…
- CVE-2025-31632HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7.
- CVE-2025-31633HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo -…
- CVE-2025-31912HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme enzio allows PHP Local File Inclusion.This issue affects Enzio - Re…
- CVE-2025-31913HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami ogami allows PHP Local File Inclusion.This issue affects Ogami: from n/a through <= 1.53.
- CVE-2025-32141HIGHCVSS 8.8EG 8.82025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows PHP Local File Inclusion.This issue affects…
- CVE-2025-32142HIGHCVSS 8.8EG 8.82025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: f…
- CVE-2025-32146HIGHCVSS 8.8EG 8.82025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= …
- CVE-2025-32150HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Ma…
- CVE-2025-32151HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themekraft BuddyForms buddyforms allows PHP Local File Inclusion.This issue affects BuddyForms: from n/a through <= 2.…
- CVE-2025-32152HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Essential Plugin Slider a SlidersPack sliderspack-all-in-one-image-sliders allows PHP Local File Inclusion.This issue …
- CVE-2025-32153HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG WooCarousel vg-woocarousel allows PHP Local File Inclusion.This issue affects VG WooCarousel: from n/a th…
- CVE-2025-32154HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from …
- CVE-2025-32155HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in markkinchin Beds24 Online Booking beds24-online-booking allows PHP Local File Inclusion.This issue affects Beds24 Onli…
- CVE-2025-32156HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alex Prokopenko / JustCoded Just Post Preview Widget just-post-preview allows PHP Local File Inclusion.This issue affe…
- CVE-2025-32157HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jakub Glos Sparkle Elementor Kit sparkle-elementor-kit allows PHP Local File Inclusion.This issue affects Sparkle Elem…
- CVE-2025-32158HIGHCVSS 7.5EG 7.52025-04-10
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Syed Balkhi aThemes Addons for Elementor athemes-addons-for-elementor-lite.This issue affects aThemes Addons for Eleme…
- CVE-2025-32159HIGHCVSS 7.5EG 7.52025-04-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Radius Blocks radius-blocks allows PHP Local File Inclusion.This issue affects Radius Blocks: from n/a thr…
- CVE-2025-32160HIGHCVSS 7.5EG 7.52025-04-10
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite.This issue affects EventON: from n/a through <= 2.4.1.
- CVE-2025-32286HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher butcher allows PHP Local File Inclusion.This issue affects Butcher: from n/a through <= 2.40.
- CVE-2025-32288HIGHCVSS 7.5EG 7.52025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Exten…
- CVE-2025-32289HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi yozi allows PHP Local File Inclusion.This issue affects Yozi: from n/a through <= 2.0.63.
- CVE-2025-32294HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Oxpitan oxpitan allows PHP Local File Inclusion.This issue affects Oxpitan: from n/a through <= 1.3.5.
- CVE-2025-32298HIGHCVSS 7.5EG 7.52025-06-27
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case-Themes CTUsers ctuser allows PHP Local File Inclusion.This issue affects CTUsers: from n/a through <= 1.0.0.
- CVE-2025-32302HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex winnex allows PHP Local File Inclusion.This issue affects Winnex: from n/a through <= 1.3.2.
- CVE-2025-32304HIGHCVSS 8.1EG 8.12026-01-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0.
- CVE-2025-32309HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3.
- CVE-2025-32499MEDIUMCVSS 6.5EG 6.52025-04-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate logo-showcase-ultimate allows PHP Local File Inclusion.This issue affects Logo Showcase U…
- CVE-2025-32519HIGHCVSS 8.1EG 8.12025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Foysal Imran IDonate idonate allows PHP Local File Inclusion.This issue affects IDonate: from n/a through <= 2.1.18.
- CVE-2025-32549HIGHCVSS 7.5EG 7.52025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0.
- CVE-2025-32577CRITICALCVSS 9.8EG 9.82025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion.This issue affects Build App Online: from…
- CVE-2025-32589HIGHCVSS 8.1EG 8.12025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi – Guest Submit flexi allows PHP Local File Inclusion.This issue affects Flexi – Guest Submit: from n/a…
- CVE-2025-32595HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Krowd krowd allows PHP Local File Inclusion.This issue affects Krowd: from n/a through < 1.5.0.
- CVE-2025-32614HIGHCVSS 8.8EG 8.82025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through <= 2.4.
- CVE-2025-32627HIGHCVSS 8.1EG 8.12025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= …
- CVE-2025-32654HIGHCVSS 8.1EG 8.12025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: f…
- CVE-2025-32656HIGHCVSS 8.1EG 8.12025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This i…
- CVE-2025-32657HIGHCVSS 7.5EG 5.32025-10-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This i…
- CVE-2025-32663HIGHCVSS 8.1EG 8.12025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon fat-coming-soon allows PHP Local File Inclusion.This issue affects FAT Cooming Soon: from n/a…
- CVE-2025-32668HIGHCVSS 8.1EG 8.12025-04-10
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Ma…
- CVE-2025-32672HIGHCVSS 8.1EG 8.12025-04-11
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor allows PHP Local File Incl…
- CVE-2025-32692HIGHCVSS 7.5EG 7.52025-04-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms wp-subscription-forms allows PHP Local File Inclusion.This issue affects WP Subscript…
- CVE-2025-32921HIGHCVSS 7.5EG 7.52025-04-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpoperations Arrival arrival allows PHP Local File Inclusion.This issue affects Arrival: from n/a through <= 1.4.5.
- CVE-2025-32925HIGHCVSS 8.3EG 8.32025-05-19
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in FantasticPlugins SUMO Reward Points rewardsystem allows PHP Local File Inclusion.This issue affects SUMO Reward Points…
- CVE-2025-3703HIGHCVSS 7.5EG 7.52025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wipeoutmedia CSS & JavaScript Toolbox css-javascript-toolbox allows PHP Local File Inclusion.This issue affects CSS & …
- CVE-2025-39359HIGHCVSS 7.5EG 7.52025-04-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codeworkweb CWW Portfolio cww-portfolio allows PHP Local File Inclusion.This issue affects CWW Portfolio: from n/a thr…
- CVE-2025-39360HIGHCVSS 7.5EG 7.52025-04-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in everestthemes Grace Mag grace-mag allows PHP Local File Inclusion.This issue affects Grace Mag: from n/a through <= 1.…
- CVE-2025-39364HIGHCVSS 7.5EG 7.52025-05-19
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce woo-category-slider-by-pluginever allows PHP Local File Inclusion.T…
- CVE-2025-39378HIGHCVSS 7.5EG 7.52025-04-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-w…
- CVE-2025-39379HIGHCVSS 7.5EG 7.52025-04-24
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Capturly Capturly capturly-optimize-your-website allows PHP Local File Inclusion.This issue affects Capturly: from n/a…
Map vulnerabilities like CWE-98 to your infrastructure
EchelonGraph correlates every CVE — across CWE-98 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →