CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,149 vulnerabilities with CWE-98
CVE-2026-39613 HIGH
WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability
CVSS 7.5
CVE-2026-39611 HIGH
WordPress KuteShop theme <= 4.2.9 - Local File Inclusion vulnerability
CVSS 7.5
CVE-2026-39544 HIGH
WordPress LabtechCO theme <= 8.3 - Local File Inclusion vulnerability
CVSS 7.5
CVE-2026-39538 HIGH
WordPress Mikado Core plugin <= 1.6 - Local File Inclusion vulnerability
CVSS 7.5
CVE-2026-34787 MEDIUM
Emlog: Local File Inclusion in plugin.php via unsanitized plugin parameter
CVSS 6.5
CVE-2026-34036 MEDIUM
Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php
CVSS 6.5
CVE-2026-32537 HIGH
WordPress Visual Portfolio, Photo Gallery & Post Grid plugin <= 3.5.1 - Local File Inclusion vulnerability
CVSS 7.5
CVE-2026-32531 HIGH
WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-32505 HIGH
WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-32504 HIGH
WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-32503 HIGH
WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-32500 HIGH
WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27081 HIGH
WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27080 HIGH
WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27079 HIGH
WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27078 HIGH
WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27077 HIGH
WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27076 HIGH
WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27075 HIGH
WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27048 HIGH
WordPress The Aisle Core plugin <= 2.0.5 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-27047 HIGH
WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-25464 HIGH
WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-25458 HIGH
WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-25457 HIGH
WordPress Mixtape theme <= 2.1 - Local File Inclusion vulnerability
CVSS 8.1
CVE-2026-25382 HIGH
WordPress IdealAuto theme < 3.8.6 - Local File Inclusion vulnerability
CVSS 8.1
Details
Vulnerabilities 1,149
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits