CWE-98— PHP Remote File Inclusion
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.— MITRE CWE catalog
1,240 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-98page 9 of 25
- CVE-2025-47627HIGHCVSS 7.5EG 7.52025-07-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LCweb PrivateContent - Mail Actions allows PHP Local File Inclusion. This issue affects PrivateContent - Mail Actions:…
- CVE-2025-47653HIGHCVSS 7.5EG 7.52025-05-07
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in tggfref WP-Recall allows PHP Local File Inclusion. This issue affects WP-Recall: from n/a through 16.26.14.
- CVE-2025-47670HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affe…
- CVE-2025-47672HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration miniorange-discord-integration allows PHP Local File Inclusion.This issue af…
- CVE-2025-47693HIGHCVSS 7.5EG 7.52025-05-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking fat-services-booking allows PHP Local File Inclusion.This issue affects FAT Services Book…
- CVE-2025-47695HIGHCVSS 7.5EG 7.52025-09-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7.
- CVE-2025-47696HIGHCVSS 8.1EG 8.12025-08-31
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through <= 3.4.7.
- CVE-2025-48125HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Event Manager WP Event Manager wp-event-manager allows PHP Local File Inclusion.This issue affects WP Event Manager…
- CVE-2025-48126HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real …
- CVE-2025-48136HIGHCVSS 7.5EG 7.52025-05-16
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows PHP Local File Inclusion.This issue affects Mor…
- CVE-2025-48149HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dedalx Cook&Meal cookandmeal allows PHP Local File Inclusion.This issue affects Cook&Meal: from n/a through <= 1.2.3.
- CVE-2025-48157HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1…
- CVE-2025-48160HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects Caliris: from n/a through <= 1.5.
- CVE-2025-48171HIGHCVSS 8.1EG 8.12025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through <= 2.11.26.
- CVE-2025-48290HIGHCVSS 8.1EG 9.82025-11-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bslthemes Kinsley kinsley allows PHP Local File Inclusion.This issue affects Kinsley: from n/a through <= 3.4.4.
- CVE-2025-48292HIGHCVSS 8.1EG 8.12025-05-23
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster tourmaster allows PHP Local File Inclusion.This issue affects Tourmaster: from n/a through <= 5.…
- CVE-2025-48293CRITICALCVSS 9.8EG 9.82025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup geo-mashup allows PHP Local File Inclusion.This issue affects Geo Mashup: from n/a through <= …
- CVE-2025-48298HIGHCVSS 7.5EG 7.52025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue affects SEOPress for…
- CVE-2025-48302HIGHCVSS 7.5EG 7.52025-08-20
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a thro…
- CVE-2025-48330HIGHCVSS 7.5EG 9.82025-11-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Daman Jeet Real Time Validation for Gravity Forms real-time-validation-for-gravity-forms allows PHP Local File Inclusi…
- CVE-2025-48332HIGHCVSS 7.5EG 7.52025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PublishPress Gutenberg Blocks advanced-gutenberg allows PHP Local File Inclusion.This issue affects Gutenberg Blocks: …
- CVE-2025-48338HIGHCVSS 7.5EG 4.02025-10-22
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows PHP Local File Inclusion.This issue affects WP Abstr…
- CVE-2025-49036HIGHCVSS 8.1EG 8.12025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in octagonwebstudio Premium Addons for KingComposer premium-addons-for-kingcomposer allows PHP Local File Inclusion.This …
- CVE-2025-49070HIGHCVSS 7.5EG 7.52025-07-04
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1.
- CVE-2025-49251HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.28.
- CVE-2025-49252HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.8.
- CVE-2025-49253HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa lasa allows PHP Local File Inclusion.This issue affects Lasa: from n/a through <= 1.1.
- CVE-2025-49254HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika nika allows PHP Local File Inclusion.This issue affects Nika: from n/a through <= 1.2.8.
- CVE-2025-49255HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Ruza ruza allows PHP Local File Inclusion.This issue affects Ruza: from n/a through <= 1.0.7.
- CVE-2025-49256HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Sapa sapa allows PHP Local File Inclusion.This issue affects Sapa: from n/a through <= 1.1.14.
- CVE-2025-49257HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.8.
- CVE-2025-49258HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia maia allows PHP Local File Inclusion.This issue affects Maia: from n/a through <= 1.1.15.
- CVE-2025-49259HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.10.
- CVE-2025-49260HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.9.
- CVE-2025-49261HIGHCVSS 8.1EG 8.12025-06-17
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through <= 1.3.8.
- CVE-2025-49264HIGHCVSS 7.5EG 7.52025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cloud Infrastructure Services Cloud SAML SSO - Single Sign On Login cloud-sso-single-sign-on allows PHP Local File Inc…
- CVE-2025-49271HIGHCVSS 7.5EG 7.52025-08-14
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GravityWP GravityWP - Merge Tags gravitywp-merge-tags allows PHP Local File Inclusion.This issue affects GravityWP - M…
- CVE-2025-49275HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogbyte blogbyte allows PHP Local File Inclusion.This issue affects Blogbyte: from n/a through <= 1.1.1.
- CVE-2025-49276HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogmine blogmine allows PHP Local File Inclusion.This issue affects Blogmine: from n/a through <= 1.1.7.
- CVE-2025-49277HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogprise blogprise allows PHP Local File Inclusion.This issue affects Blogprise: from n/a through <= 1.0.9.
- CVE-2025-49278HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogty blogty allows PHP Local File Inclusion.This issue affects Blogty: from n/a through <= 1.0.11.
- CVE-2025-49279HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Blogvy blogvy allows PHP Local File Inclusion.This issue affects Blogvy: from n/a through <= 1.0.7.
- CVE-2025-49280HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magty magty allows PHP Local File Inclusion.This issue affects Magty: from n/a through <= 1.0.6.
- CVE-2025-49281HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magways magways allows PHP Local File Inclusion.This issue affects Magways: from n/a through <= 1.2.1.
- CVE-2025-49282HIGHCVSS 8.1EG 8.12025-06-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magze magze allows PHP Local File Inclusion.This issue affects Magze: from n/a through <= 1.0.9.
- CVE-2025-49307HIGHCVSS 7.5EG 7.52025-06-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magazine3 WP Multilang wp-multilang allows PHP Local File Inclusion.This issue affects WP Multilang: from n/a through …
- CVE-2025-49308HIGHCVSS 7.5EG 7.52025-06-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine…
- CVE-2025-49313HIGHCVSS 7.5EG 7.52025-06-06
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.6.
- CVE-2025-49359HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion.This issue affects ShieldGroup: from n/a through …
- CVE-2025-49360HIGHCVSS 8.1EG 8.12025-12-18
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Militarology militarology allows PHP Local File Inclusion.This issue affects Militarology: from n/a throu…
Map vulnerabilities like CWE-98 to your infrastructure
EchelonGraph correlates every CVE — across CWE-98 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →