Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)) — Vulnerability Class 1082

1082 vulnerabilities classified as CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-5431 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode — WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System 8.8 High2024-06-25
CVE-2024-5455 The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion — The Plus Addons for Elementor Page Builder Pro 8.8 High2024-06-21
CVE-2024-5503 WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion — WP Blog Post Layouts 8.8 High2024-06-21
CVE-2024-5574 WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion — WP Magazine Modules Lite 7.5 High2024-06-19
CVE-2024-4551 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode — Video Gallery – YouTube Playlist, Channel Gallery by YotuWP 6.4 Medium2024-06-15
CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion — Video Gallery – YouTube Playlist, Channel Gallery by YotuWP 9.8 Critical2024-06-15
CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode — tagDiv Composer 8.8 High2024-06-15
CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion — Where I Was, Where I Will Be 9.8 Critical2024-06-14
CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion — Canto 9.8 Critical2024-06-14
CVE-2024-36415 SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution — SuiteCRM 9.1 Critical2024-06-10
CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability — MelaPress Login Security 4.9 Medium2024-06-10
CVE-2024-4887 Qi Addons For Elementor <= 1.7.2 - Authenticated (Contributor+) Local File Inclusion — Qi Addons For Elementor 7.5 High2024-06-07
CVE-2024-35629 WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability — Easy Digital Downloads – Recent Purchases 9.6 Critical2024-06-04
CVE-2024-5348 Elements For Elementor <= 2.1 - Authenticated (Contributor+) Local File Inclusion via Multiple Widget Attributes — Elements For Elementor 8.8 High2024-06-01
CVE-2024-3564 Content Blocks (Custom Post Widget) <= 3.3.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode — Content Blocks (Custom Post Widget) 8.8 High2024-06-01
CVE-2024-5345 Responsive Owl Carousel for Elementor <= 1.2.0 - Local File Inclusion — Responsive Owl Carousel for Elementor 8.8 High2024-05-31
CVE-2024-3812 Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode — Salient Core 7.5 High2024-05-18
CVE-2024-3810 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode — Salient Shortcodes 8.8 High2024-05-18
CVE-2024-32523 WordPress Mailster plugin <= 4.0.6 - Unauthenticated Local File Inclusion vulnerability — Mailster 8.1 High2024-05-17
CVE-2024-27971 WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.10 - Local File Inclusion vulnerability — Premmerce Permalink Manager for WooCommerce 8.3 High2024-05-17
CVE-2024-3551 Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion — Penci Soledad Data Migrator 9.8 Critical2024-05-17
CVE-2024-4670 All-in-One Video Gallery <= 3.6.5 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode — All-in-One Video Gallery 8.8 High2024-05-15
CVE-2024-31459 Cacti RCE vulnerability by file include in lib/plugin.php — cacti 8.1 High2024-05-13
CVE-2024-3808 Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode — Porto Theme - Functionality 8.8 High2024-05-09
CVE-2024-3809 Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta — Porto Theme - Functionality 8.8 High2024-05-09
CVE-2024-3806 Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts — Porto 9.8 Critical2024-05-09
CVE-2024-4441 XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion — XML Sitemap & Google News 8.1 High2024-05-09
CVE-2024-3807 Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta — Porto 8.8 High2024-05-09
CVE-2024-3849 Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion — Click to Chat – HoliThemes 8.8 High2024-05-02
CVE-2024-3500 ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets — ElementsKit Pro 8.8 High2024-05-02

Vulnerabilities classified as CWE-98 (PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)) represent 1082 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.