Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-60240 HIGH

AnyComment <= 0.3.6 - Code Injection

CVE-2025-60204 HIGH

WooCommerce Store Toolkit <2.4.3 - Code Injection

CVE-2025-60203 HIGH

Josh Kohlbach Store Exporter <2.7.6 - Code Injection

CVE-2025-60202 HIGH

Kyle Phillips Favorites <2.3.6 - Code Injection

CVE-2025-60201 HIGH

aguilatechnologies WP Customer Area <8.2.7 - Code Injection

CVE-2025-60200 HIGH

ThimPress LearnPress Export Import <4.0.9 - Code Injection

CVE-2025-60199 HIGH

dedalx InHype <1.5.2 - Code Injection

CVE-2025-60198 HIGH

dedalx Saxon <=1.9.3 - Code Injection

CVE-2025-60197 HIGH

Simple Contact Forms <1.6.4 - Code Injection

CVE-2025-60196 HIGH

Clearblue Clearblue Ovulation Calculator <1.2.4 - Code Injection

CVE-2025-60194 HIGH

Premmerce Product Search <2.2.4 - Code Injection

CVE-2025-60193 HIGH

Premmerce User Roles <1.0.14 - Code Injection

CVE-2025-60192 HIGH

Premmerce Wholesale Pricing for WooCommerce <1.1.10 - Code Injection

CVE-2025-60191 HIGH

Premmerce Wishlist <1.1.10 - Code Injection

CVE-2025-60190 HIGH

Hinnerk Altenburg Immocaster WordPress Plugin <1.3.6 - Code Injection

CVE-2025-60189 HIGH

PoloPag - Pix Automtico para Woocommerce <= 2.0.9 - PHP Local File Inclusion

CVE-2025-60074 HIGH

Lazy Load Optimizer <1.4.7 - Code Injection

CVE-2025-60073 HIGH

Processby Responsive Sidebar <=1.2.2 - Code Injection

CVE-2025-58995 HIGH

Creatives_Planet Leblix <=2.4 - Code Injection

CVE-2025-58994 HIGH

designervily Greenify <= 2.2 - PHP Local File Inclusion

CVE-2025-53252 HIGH

zozothemes Zegen <= 1.1.9 - Code Injection

CVE-2025-48330 HIGH

Daman Jeet Real Time Validation for Gravity Forms <1.7.0 - Code Inj...

CVE-2025-48290 HIGH

bslthemes Kinsley <= 3.4.4 - Code Injection

CVE-2025-39468 HIGH

pantherius Modal Survey <2.0.2.0.1 - RCE

CVE-2025-39466 HIGH

Qodeinteractive Dor < 2.4.1 - Remote File Inclusion

Previous Page 28 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy