CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31040 – WordPress WP Food ordering and Restaurant Menu <= 1.1 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-31040
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound WP Food ordering and Restaurant Menu allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases wh... • https://patchstack.com/database/wordpress/plugin/wp-food/vulnerability/wordpress-wp-food-ordering-and-restaurant-menu-1-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32519 – WordPress IDonate plugin <= 2.1.8 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32519
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeAtelier IDonate allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “saf... • https://patchstack.com/database/wordpress/plugin/idonate/vulnerability/wordpress-idonate-plugin-2-1-8-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32577 – WordPress Build App Online Plugin <= 1.0.23 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32577
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and oth... • https://patchstack.com/database/wordpress/plugin/build-app-online/vulnerability/wordpress-build-app-online-plugin-1-0-23-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32585 – WordPress Shop Products Filter Plugin <= 1.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32585
09 Apr 2025 — This makes it possible for authenticated attackers, with subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/wordpress/plugin/trusty-woo-products-filter/vulnerability/wordpress-shop-products-filter-plugin-1-2-local-file-inclusion-vulnerability?_s_id=cve • .//' CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32587 – WordPress WooCommerce Pickupp Plugin <= 2.4.0 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32587
09 Apr 2025 — This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. • https://patchstack.com/database/wordpress/plugin/wc-pickupp/vulnerability/wordpress-woocommerce-pickupp-plugin-2-4-0-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32589 – WordPress Flexi – Guest Submit Plugin <= 4.28 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32589
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi – Guest Submit allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and othe... • https://patchstack.com/database/wordpress/plugin/flexi/vulnerability/wordpress-flexi-guest-submit-plugin-4-28-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32614 – WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32614
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “saf... • https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-plugin-2-3-2-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32627 – WordPress JS Job Manager plugin <= 2.0.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32627
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager allows PHP Local File Inclusion. ... This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “s... • https://patchstack.com/database/wordpress/plugin/js-jobs/vulnerability/wordpress-js-job-manager-plugin-2-0-2-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32629 – WordPress WP-BusinessDirectory Plugin <= 3.1.2 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-32629
09 Apr 2025 — The WP-BusinessDirectory – Business directory plugin for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 3.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/wp-businessdirectory/vulnerability/wordpress-wp-businessdirectory-plugin-3-1-2-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32633 – WordPress Database Toolset Plugin <= 1.8.4 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-32633
09 Apr 2025 — The Database Toolset plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). • https://patchstack.com/database/wordpress/plugin/database-toolset/vulnerability/wordpress-database-toolset-plugin-1-8-4-arbitrary-file-deletion-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •