← Back
CWE-98

1,143 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

JSON object

Loading...

CVEs (1,143)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-54031
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board supportboard allows PHP Local File Inclusion.This issue affects Support Boar...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board supportboard allows PHP Local File Inclusion.This issue affects Support Board: from n/a through <= 3.8.0.Show less
CVE-2025-54028
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affec...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Saleswonder Team: Tobias CF7 WOW Styler cf7-styler allows PHP Local File Inclusion.This issue affects CF7 WOW Styler: from n/a through <= 1.7.2.Show less
CVE-2025-54017
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows PHP Local File Inclusion.This issue affects Paid Member Subscriptions: from n/a through <= 2.15.4.Show less
CVE-2025-53567
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a throug...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Ghost Kit ghostkit allows PHP Local File Inclusion.This issue affects Ghost Kit: from n/a through <= 3.4.1.Show less
CVE-2025-53565
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews business-reviews-wp allows PHP Local File Inclusion.This issu...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews business-reviews-wp allows PHP Local File Inclusion.This issue affects Widget for Google Reviews: from n/a through <= 1.0.15.Show less
CVE-2025-53210
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks zoloblocks allows PHP Local File Inclusion.This issue affects ZoloBlocks: from...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in bdthemes ZoloBlocks zoloblocks allows PHP Local File Inclusion.This issue affects ZoloBlocks: from n/a through <= 2.3.2.Show less
CVE-2025-53207
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows PHP Local File Inclusion.This issue af...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel WP Travel Gutenberg Blocks wp-travel-blocks allows PHP Local File Inclusion.This issue affects WP Travel Gutenberg Blocks: from n/a through <= 3.9.0.Show less
CVE-2025-53204
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme eventlist eventlist allows PHP Local File Inclusion.This issue affects eventlist: from n/a through <= 1.9.2.Show less
CVE-2025-53198
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a throug...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in favethemes Houzez houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a through <= 4.0.4.Show less
CVE-2025-49894
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through <= 1.3.3.
CVE-2025-49892
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking:...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Uxper Booking uxper-booking allows PHP Local File Inclusion.This issue affects Uxper Booking: from n/a through <= 1.3.3.Show less
CVE-2025-49889
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT edge-cpt allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Edge CPT edge-cpt allows PHP Local File Inclusion.This issue affects Edge CPT: from n/a through <= 1.4.Show less
CVE-2025-49438
-
-
Apr 28, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3.
CVE-2025-49436
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue affects Anotte: from n/a thro...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Anotte anotte-wp allows PHP Local File Inclusion.This issue affects Anotte: from n/a through <= 1.8.Show less
CVE-2025-49428
-
-
Apr 28, 2026
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3.
CVE-2025-49426
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue affects Kitring: from n/a through <...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue affects Kitring: from n/a through <= 2.8.Show less
CVE-2025-48302
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEn...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roxnor FundEngine wp-fundraising-donation allows PHP Local File Inclusion.This issue affects FundEngine: from n/a through <= 1.7.4.Show less
CVE-2025-48298
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue a...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Benjamin Denis SEOPress for MainWP seopress-for-mainwp allows PHP Local File Inclusion.This issue affects SEOPress for MainWP: from n/a through <= 1.4.Show less
CVE-2025-48171
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a thr...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Cena Store cena allows PHP Local File Inclusion.This issue affects Cena Store: from n/a through <= 2.11.26.Show less
CVE-2025-48160
-
-
Apr 23, 2026
Aug 20, 2025
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects Caliris: from n/a t...Show more
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CocoBasic Caliris caliris-wp allows PHP Local File Inclusion.This issue affects Caliris: from n/a through <= 1.5.Show less