Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
1619032.5%CRITICAL

Related CVEs

19
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-22708Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4.HIGH8.139.7%Jan 8, 2026
CVE-2025-22707Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3.HIGH8.139.7%Jan 8, 2026
CVE-2025-14430Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0.HIGH8.132.2%Jan 8, 2026
CVE-2025-14429Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6.HIGH8.132.2%Jan 8, 2026
CVE-2025-60069Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.HIGH8.133.2%Dec 18, 2025
CVE-2025-68062Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.HIGH7.522.3%Dec 16, 2025
CVE-2025-68061Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7.HIGH7.521.6%Dec 16, 2025
CVE-2025-59564Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5.HIGH8.138.3%Oct 22, 2025
CVE-2025-59558Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6.HIGH8.138.3%Oct 22, 2025
CVE-2025-59555Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects Medizin: from n/a through < 1.9.7.HIGH8.138.3%Oct 22, 2025
CVE-2025-58967Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4.HIGH8.138.3%Oct 22, 2025
CVE-2025-58958Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5.HIGH8.138.3%Oct 22, 2025
CVE-2025-58206Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5.CRITICAL9.831.2%Sep 5, 2025
CVE-2025-58210Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5.CRITICAL9.814.6%Sep 3, 2025
CVE-2025-54701Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3.CRITICAL9.828.3%Aug 14, 2025
CVE-2025-54700Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4.CRITICAL9.828.3%Aug 14, 2025
CVE-2025-39474Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection.This issue affects Amely: from n/a through <= 3.1.4.CRITICAL9.829.3%Jun 27, 2025
CVE-2025-32309Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3.HIGH8.141.0%May 23, 2025
CVE-2021-24950The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacksMEDIUM5.4Mar 14, 2022