Total: 1218 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35650 | 1 Melapress | 1 Melapress Login Security | 2026-06-17 | N/A | 4.9 MEDIUM |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security melapress-login-security. This issue affects MelaPress Login Security: from n/a through <= 1.3.0. | |||||
| CVE-2024-35629 | 1 Wow-company | 1 Easy Digital Downloads | 2026-06-17 | N/A | 9.6 CRITICAL |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion. This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2. | |||||
| CVE-2024-34314 | 1 Cmseasy | 1 Cmseasy | 2026-06-17 | N/A | 4.9 MEDIUM |
| CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vulnerability via the file_get_contents function in the fetch_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | |||||
| CVE-2024-33863 | 2 Linqi, Microsoft | 2 Linqi, Windows | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion. | |||||
| CVE-2024-32523 | | | 2026-06-17 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster. This issue affects Mailster: from n/a through <= 4.0.6. | |||||
| CVE-2024-31459 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2026-06-17 | N/A | 8.0 HIGH |
| Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue. | |||||
| CVE-2024-30849 | 1 Donbermoy | 1 Complete E-commerce Site | 2026-06-17 | N/A | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. | |||||
| CVE-2024-2411 | 1 Stylemixthemes | 1 Masterstudy Lms | 2026-06-17 | N/A | 9.8 CRITICAL |
| The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-2047 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2026-06-17 | N/A | 8.8 HIGH |
| The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-27971 | | | 2026-06-17 | N/A | 8.3 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce woo-permalink-manager. This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through <= 2.3.10. | |||||
| CVE-2024-21687 | 1 Atlassian | 1 Bamboo | 2026-06-17 | N/A | 8.1 HIGH |
| This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server. This File Inclusion vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to get the application to display the contents of a local file, or execute different files already stored locally on the server, which has high impact to confidentiality, high impact to integrity, no impact to availability, and requires no user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions listed on this CVE. See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives). This vulnerability was reported via our Bug Bounty program. | |||||
| CVE-2024-1600 | 1 Lollms | 1 Lollms Web Ui | 2026-06-17 | N/A | 9.3 CRITICAL |
| A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application. | |||||
| CVE-2024-1382 | 1 Nicdarkthemes | 1 Restaurant Reservations | 2026-06-17 | N/A | 8.8 HIGH |
| The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible. | |||||
| CVE-2024-14002 | 1 Nagios | 1 Nagios Xi | 2026-06-17 | N/A | 5.5 MEDIUM |
| Nagios XI versions prior to 2024R1.1.4 contain a local file inclusion (LFI) vulnerability via its NagVis integration. An authenticated user can supply crafted path values that cause the server to include local files, potentially exposing sensitive information from the underlying host. | |||||
| CVE-2024-13790 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-13593 | 1 Bmltenabled | 1 Meeting Map | 2026-06-17 | N/A | 7.5 HIGH |
| The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-13592 | 1 Webdevocean | 1 Team-builder-for-wpbakery-page-builder | 2026-06-17 | N/A | 7.5 HIGH |
| The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-13408 | 1 Pickplugins | 1 Post Grid | 2026-06-17 | N/A | 7.5 HIGH |
| The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the `pgcu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | |||||
| CVE-2024-13353 | 1 Cyberchimps | 1 Responsive Addons For Elementor | 2026-06-17 | N/A | 8.8 HIGH |
| The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |||||
| CVE-2024-12859 | | | 2026-06-17 | N/A | 8.8 HIGH |
| The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | |||||
