| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions. |
| Unauthenticated Local File Inclusion in Imba <= 1.5.0 versions. |
| Unauthenticated Local File Inclusion in Dazzle <= 1.0.0 versions. |
| Unauthenticated Local File Inclusion in Snow Club <= 1.1 versions. |
| Unauthenticated Local File Inclusion in Fortius <= 2.3.0 versions. |
| Unauthenticated Local File Inclusion in Gamic <= 1.15 versions. |
| Unauthenticated Local File Inclusion in Granola <= 1.13 versions. |
| Unauthenticated Local File Inclusion in Gunslinger <= 1.7 versions. |
| Unauthenticated Local File Inclusion in Etude <= 1.6 versions. |
| Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. |
| Unauthenticated Local File Inclusion in Atomlab <= 2.4.5 versions. |
| Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions. |
| Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors allows PHP Local File Inclusion.
This issue affects Motors: from n/a through 1.4.109. |
| WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data. |
| WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data. |
| WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files. |
| WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code. |
| WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code. |
| Unauthenticated Local File Inclusion in Geya <= 1.15 versions. |
