2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27079 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27079

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27078 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27078

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27077 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27077

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27076 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27076

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through <= 1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27075 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27075

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27071 — Authorization: Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27071

Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7. CVSSv3.1 9.1 (CRITICAL) · EPSS 16th percentile

CWECWE 862TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27051 — Incorrect: Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27051

Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 266TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27049 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27049

Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 21th percentile

CWECWE 288TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27048 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27048

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27047 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27047

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27045 — Deserialization: of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27045

Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through <= 1.6.2. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-27044 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27044

Improper Control of Generation of Code ('Code Injection') vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Remote Code Inclusion.This issue affects Total Poll Lite: from n/a through <= 4.12.0. CVSSv3.1 9.9 (CRITICAL) · EPSS 17th percentile

CWECWE 94TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27040 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27040

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AA-Team WZone woozone allows Path Traversal.This issue affects WZone: from n/a through <= 14.0.31. CVSSv3.1 8.8 (HIGH) · EPSS 16th percentile

CWECWE 22TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-27039 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-27039

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone woozone allows Blind SQL Injection.This issue affects WZone: from n/a through <= 14.0.31. CVSSv3.1 8.5 (HIGH) · EPSS 10th percentile

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25464 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25464

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25458 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25458

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through <= 2.2. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25457 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25457

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through <= 2.1. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-25447 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25447

Improper Control of Generation of Code ('Code Injection') vulnerability in Jonathan Daggerhart Widget Wrangler widget-wrangler allows Code Injection.This issue affects Widget Wrangler: from n/a through <= 2.3.9. CVSSv3.1 9.1 (CRITICAL) · EPSS 18th percentile

CWECWE 94TYPVulnerability
9.1
CVSS v3.1
96
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-25429 — Deserialization: of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25429

Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through <= 1.1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25414 — Incorrect: Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25414

Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18. CVSSv3.1 8.8 (HIGH) · EPSS 13th percentile

CWECWE 266TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
CRIT

CVE-2026-25413 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25413

Unrestricted Upload of File with Dangerous Type vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Using Malicious Files.This issue affects WPBookit Pro: from n/a through <= 1.6.18. CVSSv3.1 9.9 (CRITICAL) · EPSS 15th percentile

CWECWE 434TYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25406 — Authentication: Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25406

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse.This issue affects Tutor LMS Pro: from n/a through <= 3.9.4. CVSSv3.1 8.1 (HIGH) · EPSS 18th percentile

CWECWE 288TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25400 — Deserialization: of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25400

Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0. CVSSv3.1 8.8 (HIGH) · EPSS 17th percentile

CWECWE 502TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25382 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25382

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through < 3.8.6. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2026-03-25
2026-03-25 17:16Z
HIGH

CVE-2026-25381 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-25381

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes LoveDate lovedate allows PHP Local File Inclusion.This issue affects LoveDate: from n/a through < 3.8.6. CVSSv3.1 8.1 (HIGH) · EPSS 36th percentile

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score