CWE-98

Exploit likelihood: High

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98
CVE-2025-49275 HIGH
Unfoldwp Blogbyte <1.1.1 - Code Injection
CVSS 8.1
CVE-2025-48126 HIGH
Essential Real Estate <= 5.2.9 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-48125 HIGH
WP Event Manager <3.1.49 - Code Injection
CVSS 8.1
CVE-2025-39476 HIGH
Magentech Revo <4.0.26 - Code Injection
CVSS 7.5
CVE-2025-32595 HIGH
gavias Krowd <1.4.1 - Code Injection
CVSS 8.1
CVE-2025-28992 HIGH
SNS Anton <= 4.1 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-28945 HIGH
snstheme Valen - Sport, Fashion WooCommerce WordPress Theme <2.4 - ...
CVSS 8.1
CVE-2025-28944 HIGH
snstheme Avaz <2.8 - Code Injection
CVSS 8.1
CVE-2025-28888 HIGH
BZOTheme GiftXtore <1.7.4 - Code Injection
CVSS 8.1
CVE-2025-27362 HIGH
BZOTheme Petito <1.6.2 - Code Injection
CVSS 8.1
CVE-2025-26592 HIGH
AncoraThemes Inset <1.18.0 - Code Injection
CVSS 8.1
CVE-2025-24770 HIGH
BZOTheme CraftXtore <1.7 - Code Injection
CVSS 8.1
CVE-2025-24768 HIGH
snstheme Nitan <2.9 - Code Injection
CVSS 8.1
CVE-2025-49313 HIGH
ovatheme BRW <1.8.6 - Code Injection
CVSS 7.5
CVE-2025-49308 HIGH
WP Travel Engine <6.5.1 - Code Injection
CVSS 7.5
CVE-2025-49307 HIGH
Magazine3 WP Multilang <2.4.19 - Code Injection
CVSS 7.5
CVE-2025-30999 HIGH
Fahad Mahmood WP Shopify <1.5.3 - Code Injection
CVSS 7.5
CVE-2025-47586 CRITICAL
StylemixThemes Motors - Events <1.4.7 - Code Injection
CVSS 9.0
CVE-2025-48292 HIGH
GoodLayers Tourmaster <5.3.8 - Code Injection
CVSS 8.1
CVE-2025-47672 HIGH
miniOrange Discord Integration <2.2.2 - Code Injection
CVSS 8.1
CVE-2025-47670 HIGH
miniOrange WordPress Social Login & Register <7.6.10 - Code Injection
CVSS 8.1
CVE-2025-47453 HIGH
Xylus Themes WP Smart Import <= 1.1.3 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-47438 HIGH
WP Job Portal <= 2.3.1 - PHP Local File Inclusion
CVSS 8.1
CVE-2025-46474 HIGH
SEUR Oficial <2.2.23 - Code Injection
CVSS 8.1
CVE-2025-46468 CRITICAL
WPFable Fable Extra <1.0.6 - Code Injection
CVSS 9.8