Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)) — Vulnerability Class 1082

1082 vulnerabilities classified as CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-69387 WordPress Simple Retail Menus plugin <= 4.2.1 - Local File Inclusion vulnerability — Simple Retail Menus 9.1AICriticalAI2026-02-20
CVE-2025-69383 WordPress WP shop plugin <= 2.6.1 - Local File Inclusion vulnerability — WP shop 9.1AICriticalAI2026-02-20
CVE-2025-69373 WordPress VidoRev theme <= 2.9.9.9.9.9.7 - Local File Inclusion vulnerability — VidoRev 7.5 High2026-02-20
CVE-2025-69375 WordPress Portfolio Builder plugin <= 1.2.5 - Local File Inclusion vulnerability — Portfolio Builder 8.8AIHighAI2026-02-20
CVE-2025-69374 WordPress Eleblog – Elementor Blog And Magazine Addons plugin <= 2.0.3 - Local File Inclusion vulnerability — Eleblog – Elementor Blog And Magazine Addons 9.1AICriticalAI2026-02-20
CVE-2025-69322 WordPress PeakShops theme < 1.5.9 - Local File Inclusion vulnerability — PeakShops 9.8AICriticalAI2026-02-20
CVE-2025-68841 WordPress TopperPack – Complete Elementor Addons, theme & CPT Builder plugin <= 1.2.1 - Local File Inclusion vulnerability — TopperPack – Complete Elementor Addons, Theme &amp; CPT Builder 8.8AIHighAI2026-02-20
CVE-2025-68545 WordPress Nika theme <= 1.2.14 - Local File Inclusion vulnerability — Nika 8.1 High2026-02-20
CVE-2025-68552 WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulnerability — WooCommerce Coming Soon Product with Countdown 7.5 High2026-02-20
CVE-2025-68543 WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability — Diza 9.1AICriticalAI2026-02-20
CVE-2025-68536 WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability — Zota 9.1AICriticalAI2026-02-20
CVE-2025-68539 WordPress Fana theme <= 1.1.35 - Local File Inclusion vulnerability — Fana 9.1AICriticalAI2026-02-20
CVE-2025-67992 WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability — PatioTime 9.1AICriticalAI2026-02-20
CVE-2025-67988 WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability — CozyStay 9.1AICriticalAI2026-02-20
CVE-2025-67982 WordPress Urna theme <= 2.5.12 - Local File Inclusion vulnerability — Urna 9.1AICriticalAI2026-02-20
CVE-2025-67980 WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability — Hara 9.1AICriticalAI2026-02-20
CVE-2025-67981 WordPress Besa theme <= 2.3.15 - Local File Inclusion vulnerability — Besa 9.1AICriticalAI2026-02-20
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability — Extensive VC Addons for WPBakery page builder 9.8AICriticalAI2026-02-20
CVE-2026-27343 WordPress Airtifact theme <= 1.2.91 - Local File Inclusion vulnerability — Airtifact 9.8AICriticalAI2026-02-19
CVE-2026-27052 WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability — Sales Countdown Timer for WooCommerce and WordPress 9.8AICriticalAI2026-02-19
CVE-2026-25326 WordPress CMSMasters Content Composer plugin <= 1.4.5 - Local File Inclusion vulnerability — CMSMasters Content Composer 9.1AICriticalAI2026-02-19
CVE-2026-0926 Prodigy Commerce <= 3.3.0 - Unauthenticated Local File Inclusion via parameters[template_name] — Prodigy Commerce 9.8 Critical2026-02-19
CVE-2026-1988 Flexi Product Slider and Grid for WooCommerce <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute — Flexi Product Slider and Grid for WooCommerce 7.5 High2026-02-14
CVE-2025-15368 SportsPress <= 2.7.26 - Authenticated (Contributor+) Local File Inclusion via Shortcode — SportsPress – Sports Club & League Manager 8.8 High2026-02-04
CVE-2026-25027 WordPress Unicamp theme <= 2.7.1 - Local File Inclusion vulnerability — Unicamp 9.1AICriticalAI2026-02-03
CVE-2024-54263 WordPress Spirit Framework plugin <= 1.2.13 - Local File Inclusion vulnerability — Spirit Framework 7.5 High2026-02-02
CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution — Gila CMS 9.8 Critical2026-01-27
CVE-2026-1257 Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Local File Inclusion via 'slug' Shortcode Attribute — Administrative Shortcodes 7.5 High2026-01-24
CVE-2026-24635 WordPress EduBlink Core plugin <= 2.0.7 - Local File Inclusion vulnerability — EduBlink Core 9.8 -2026-01-23
CVE-2026-24609 WordPress Laurent theme <= 3.1 - Local File Inclusion vulnerability — Laurent 9.1 -2026-01-23

Vulnerabilities classified as CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)) represent 1082 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.