Threats Tagged 'cwe-98'

The BetterDocs Pro plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 3.8.0 via the `doc_style` parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.

CVE-2026-54814 is a high severity vulnerability in StylemixThemes Motors affecting versions up to and including 1.4.109. It involves improper control of filenames used in PHP include or require statements, leading to a PHP Local File Inclusion issue. This vulnerability can allow an attacker to include unintended files, potentially resulting in full compromise of confidentiality, integrity, and availability of the affected system.

CVE-2026-39590 is a high-severity vulnerability in ThemeMove's Atomlab product, affecting versions up to and including 2.4.5. It involves an unauthenticated local file inclusion (LFI) issue, categorized under CWE-98, which relates to improper control of filenames in include or require statements in PHP programs. This vulnerability allows an attacker to include local files without authentication, potentially leading to full compromise of confidentiality, integrity, and availability of the affected system.

CVE-2026-39559 is a high severity vulnerability affecting codesupplyco's Uppercase product versions prior to 1.2.2. It involves an unauthenticated Local File Inclusion (LFI) issue, classified under CWE-98, which relates to improper control of filenames in include/require statements in PHP programs. This vulnerability allows an attacker to include local files on the server without authentication. The vulnerability has a CVSS 3.1 base score of 8.1, indicating a high impact on confidentiality, integrity, and availability. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.

CVE-2026-39523 is a high-severity vulnerability in Elated-Themes Solene Core versions up to and including 2.3.2. It involves an unauthenticated Local File Inclusion (LFI) issue, classified under CWE-98, which relates to improper control of filenames in include/require statements in PHP programs. This vulnerability allows an attacker to potentially include and execute arbitrary local files on the affected system without authentication.

CVE-2025-69175 is a high severity vulnerability affecting ThemeREX Line Agency versions up to and including 1.3.1. It is an unauthenticated Local File Inclusion (LFI) issue caused by improper control of filenames used in include/require statements in PHP, classified under CWE-98. This vulnerability allows an attacker to include local files on the server without authentication, potentially leading to full compromise of confidentiality, integrity, and availability. No official patch or remediation guidance is currently available from the vendor. The vulnerability has not been reported as exploited in the wild.

CVE-2025-69174 is a high severity vulnerability in ThemeREX Etude versions up to and including 1.6. It allows unauthenticated local file inclusion due to improper control of filenames used in include/require statements in PHP. This can lead to remote file inclusion attacks. The vulnerability is identified as CWE-98. No official patch or remediation guidance is currently available.

CVE-2025-69170 is a high-severity vulnerability in ThemeREX Eventicity versions up to and including 1.5. It involves an unauthenticated local file inclusion (LFI) issue due to improper control of filenames in include/require statements. This flaw allows an attacker to potentially include and execute arbitrary local files on the server, leading to full compromise of confidentiality, integrity, and availability.

CVE-2025-69166 is a high-severity vulnerability in ThemeREX Gunslinger versions up to and including 1.7. It involves an unauthenticated local file inclusion (LFI) issue due to improper control of filenames in include/require statements in PHP, classified under CWE-98. This flaw allows an attacker to potentially include arbitrary files on the server, leading to full compromise of confidentiality, integrity, and availability.

CVE-2025-69164 is a high-severity vulnerability in ThemeREX Skyward versions up to and including 1.10. It allows unauthenticated attackers to perform Local File Inclusion due to improper control of filenames in include/require statements in PHP. This can lead to full confidentiality, integrity, and availability compromise of the affected system.