Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-98

CWE-98

High likelihood

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

1,228 vulnerabilities with CWE-98

CVE-2025-22279 HIGH

Crocoblock JetCompareWishlist <1.5.9 - Code Injection

CVE-2025-32668 HIGH

Rameez Iqbal Real Estate Manager <7.3 - Code Injection

CVE-2025-32160 HIGH

EventON <= 2.4.1 - Local File Inclusion

CVE-2025-32158 HIGH

aThemes Addons for Elementor <= 1.1.3 - Local File Inclusion

CVE-2025-32692 HIGH

WP Shuffle WP Subscription Forms <1.2.4 - Code Injection

CVE-2025-32499 MEDIUM

wpWax Logo Showcase Ultimate <1.4.4 - Code Injection

CVE-2025-32159 HIGH

RadiusTheme Radius Blocks <2.2.1 - Code Injection

CVE-2025-32157 HIGH

Sparkle Elementor Kit <2.0.9 - Code Injection

CVE-2025-32156 HIGH

Just Post Preview Widget <1.1.1 - Code Injection

CVE-2025-32155 HIGH

Beds24 Online Booking <2.0.26 - Code Injection

CVE-2025-32154 HIGH

Catch Dark Mode <= 2.0.1 - PHP Local File Inclusion

CVE-2025-32153 HIGH

VG WooCarousel <1.3 - Code Injection

CVE-2025-32152 HIGH

Slider a SlidersPack <2.3 - Code Injection

CVE-2025-32151 HIGH

BuddyForms <= 2.9.0 - PHP Local File Inclusion

CVE-2025-32150 HIGH

Rameez Iqbal Real Estate Manager <7.3 - Code Injection

CVE-2025-32146 HIGH

JoomSky JS Job Manager <= 2.0.2 - PHP Local File Inclusion

CVE-2025-32142 HIGH

Stylemix Motors <1.4.65 - Code Injection

CVE-2025-32141 HIGH

Stylemix MasterStudy LMS <3.5.23 - Code Injection

CVE-2025-31405 HIGH

zankover Fami WooCommerce Compare <1.0.5 - Code Injection

CVE-2025-31098 HIGH

Debounce Email Validator <5.7 - Code Injection

CVE-2025-31097 HIGH

Material Dashboard <1.4.5 - Code Injection

CVE-2025-31082 HIGH

InfornWeb News & Blog Designer Pack <4.0 - Code Injection

CVE-2025-30901 HIGH

JoomSky JS Help Desk <= 2.9.2 - PHP Local File Inclusion

CVE-2025-30870 HIGH

WP Travel Engine <6.3.5 - Code Injection

CVE-2025-30849 HIGH

g5theme Essential Real Estate <5.2.0 - Code Injection

Previous Page 40 of 50 Next

Details

Vulnerabilities 1,228

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy