Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-32657 HIGH

RadiusTheme Testimonial Slider And Showcase Pro <2.1.7 - Code Injec...

CVE-2025-11722 HIGH

WooCommerce Category and Products Accordion Panel <1.0 - Local File...

CVE-2025-7634 CRITICAL

WP Travel Engine - Tour Booking Plugin - Tour Operator Software <6....

CVE-2025-7721 CRITICAL

JoomSport <= 5.7.3 - Unauthenticated Local File Inclusion

CVE-2025-9993 HIGH

Bei Fen - WordPress Backup Plugin <1.4.2 - Local File Inclusion

CVE-2025-9991 HIGH

Tiny Bootstrap Elements Light <4.3.34 - Local File Inclusion

CVE-2025-60153 HIGH

wpshuffle Subscribe To Unlock <1.1.5 - Code Injection

CVE-2025-60150 HIGH

Subscribe to Download <= 2.0.9 - PHP Local File Inclusion

CVE-2025-60126 HIGH

PluginOps Testimonial Slider <3.5.8.6 - Code Injection

CVE-2025-59588 HIGH

PenciDesign Soledad <8.6.8 - Code Injection

CVE-2025-58973 HIGH

hashthemes Easy Elementor Addons <2.2.8 - Code Injection

CVE-2025-57925 HIGH

immonex Kickstart Team <1.6.9 - Code Injection

CVE-2025-53450 HIGH

Pluginwale Easy Pricing Table WP <1.1.3 - Code Injection

CVE-2025-10143 HIGH

Catch Dark Mode <2.0 - Local File Inclusion

CVE-2025-10269 HIGH

Spirit Framework plugin for WordPress <=1.2.13 - Local File Inclusion

CVE-2025-9874 HIGH

Ultimate Classified Listings <1.6 - Local File Inclusion

CVE-2025-58215 HIGH

Ziston < 1.4.5 - PHP Local File Inclusion

CVE-2025-54709 HIGH

Sala < 1.1.6 - Local File Inclusion via PHP Include/Require Statement

CVE-2025-47695 HIGH

solwin Blog Designer PRO <3.4.7 - Code Injection

CVE-2025-47571 HIGH

Highwarden Super Store Finder <6.9.7 - Code Injection

CVE-2025-58214 HIGH

gavias Indutri < 1.3.0 - PHP Local File Inclusion

CVE-2025-58206 HIGH

ThemeMove MaxCoach <= 3.2.5 - PHP Local File Inclusion

CVE-2025-57889 HIGH

RealMag777 InPost Gallery <2.1.4.5 - Code Injection

CVE-2025-9990 HIGH

WordPress Helpdesk Integration <5.8.10 - Local File Inclusion

CVE-2025-58637 HIGH

immonex Kickstart <1.11.6 - Code Injection

Previous Page 30 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy