Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-53198 HIGH

Houzez <= 4.0.4 - PHP Local File Inclusion

CVE-2025-49894 HIGH

Rewish WP Emmet <0.3.4 - XSS

CVE-2025-49892 HIGH

badasswp <1.0.2 - XSS

CVE-2025-49889 HIGH

iprogrammer Custom Comment <2.1.6 - XSS

CVE-2025-49436 HIGH

thiudis Custom Menu <1.8 - XSS

CVE-2025-49426 HIGH

Dourou Cookie Warning <1.3 - CSRF

CVE-2025-48302 HIGH

Roxnor FundEngine <1.7.4 - Code Injection

CVE-2025-48298 HIGH

SEOPress for MainWP <1.4 - Code Injection

CVE-2025-48171 HIGH

Cena Store <2.11.26 - Code Injection

CVE-2025-48160 HIGH

CocoBasic Caliris <1.5 - Code Injection

CVE-2025-48157 HIGH

Michele Giorgi Formality <1.5.9 - Code Injection

CVE-2025-48149 HIGH

dedalx Cook&Meal <1.2.3 - Code Injection

CVE-2025-8142 HIGH

Soledad theme for WordPress <=8.6.7 - Code Injection

CVE-2025-7650 HIGH

BizCalendar Web plugin for WordPress <=1.1.0.50 - Local File Inclusion

CVE-2025-54701 HIGH

ThemeMove Unicamp <= 2.6.3 - PHP Local File Inclusion

CVE-2025-54700 HIGH

ThemeMove Makeaholic <= 1.8.4 - PHP Local File Inclusion

CVE-2025-54690 HIGH

themeStek Xinterio <4.2 - Code Injection

CVE-2025-54689 HIGH

thembay Urna <2.5.7 - Code Injection

CVE-2025-52806 HIGH

eyecix JobSearch <2.9.0 - Code Injection

CVE-2025-52732 HIGH

RealMag777 Google Map Targeting <1.1.6 - Code Injection

CVE-2025-52728 HIGH

WebCodingPlace Responsive Posts Carousel <15.0 - Code Injection

CVE-2025-52716 HIGH

Acato WP REST Cache <2025.1.0 - Code Injection

CVE-2025-49271 HIGH

GravityWP GravityWP <1.4.4 - Code Injection

CVE-2025-49264 HIGH

Cloud SAML SSO - Single Sign On Login <1.0.18 - Code Injection

CVE-2025-49036 HIGH

octagonwebstudio Premium Addons for KingComposer <1.1.1 - Code Inje...

Previous Page 32 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy