CWE-98: CWE-98
Yearly Trend
Top Affected Vendors
All CWE-98 CVEs (608)
This CVE describes a PHP Local File Inclusion vulnerability in the Kinsley WordPress theme. Attackers can include arbitrary local files on the server,...
Nov 6, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Nov 6, 2025This vulnerability allows remote attackers to include and execute arbitrary PHP files on servers running vulnerable versions of the Modal Survey WordP...
Nov 6, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Dessau WordPress theme. Attackers can include arbitrary local files, potentially le...
Nov 6, 2025This vulnerability allows attackers to include and execute arbitrary local PHP files on servers running the vulnerable Mikado-Themes DΓΈr WordPress th...
Nov 6, 2025This CVE describes a PHP Local File Inclusion vulnerability in ArkSigner's AcBakImzala software that allows attackers to include and execute arbitrary...
Oct 23, 2025This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) in the JoomSport WordPress plugin, enabling them to include ...
Oct 3, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Aug 14, 2025CVE-2025-8913 is a critical Local File Inclusion vulnerability in WellChoose's Organization Portal System that allows unauthenticated remote attackers...
Aug 13, 2025This vulnerability allows unauthenticated attackers to execute arbitrary code on WordPress servers running the vulnerable Ads Pro Plugin. Attackers ca...
Jul 2, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
May 23, 2025This vulnerability allows attackers to include arbitrary local files through PHP's include/require statements in the WPAMS WordPress plugin. Attackers...
May 19, 2025This vulnerability allows attackers to include local files on the server through PHP's include/require statements, potentially leading to remote code ...
Apr 11, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Docpro WordPress plugin that allows attackers to include arbitrary local files via ...
Mar 26, 2025This vulnerability allows unauthenticated attackers to perform Local File Inclusion (LFI) in the MinimogWP WordPress theme by manipulating the 'templa...
Mar 19, 2025This vulnerability in the Traveler WordPress theme allows unauthenticated attackers to include and execute arbitrary PHP files on the server via a Loc...
Mar 15, 2025This vulnerability in the WHMpress WordPress plugin allows unauthenticated attackers to include and execute arbitrary PHP files on the server via Loca...
Feb 28, 2025This vulnerability allows attackers to include local files on the server through improper input validation in the Build App Online WordPress plugin. A...
Jan 7, 2025This vulnerability allows unauthenticated attackers to include and execute arbitrary files on WordPress servers running the vulnerable Store Locator p...
Dec 20, 2024The WP Umbrella WordPress plugin has a critical Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitr...
Dec 8, 2024The Chartify WordPress plugin is vulnerable to Local File Inclusion (LFI) via the 'source' parameter, allowing unauthenticated attackers to include an...
Nov 14, 2024The Category Ajax Filter WordPress plugin has a Local File Inclusion vulnerability that allows unauthenticated attackers to include and execute arbitr...
Nov 9, 2024This critical vulnerability in ONS-S8 Spectra Aggregation Switch web service allows attackers to bypass authentication, traverse directories, and exec...
Oct 3, 2024This vulnerability allows attackers to perform local file inclusion via the /api/Cdn/GetFile endpoint in linqi on Windows systems. Attackers can read ...
May 14, 2024This CVE describes a local file inclusion vulnerability in Advantech R-SeeNet's options.php script that allows attackers to execute arbitrary PHP code...
Jul 16, 2021This vulnerability allows attackers to include arbitrary local files through PHP's include/require statements in the Hide My WP Ghost WordPress plugin...
Mar 27, 2025This vulnerability allows attackers to include remote PHP files through improper filename control in the Compute Links WordPress plugin. Attackers can...
Aug 19, 2024This CVE describes a Local File Inclusion vulnerability in the parisneo/lollms-webui application that allows attackers to read arbitrary files on the ...
Apr 10, 2024This vulnerability in SuiteCRM allows attackers to upload malicious files that bypass verification checks, leading to remote code execution. All Suite...
Jun 10, 2024This CVE describes an unauthenticated Local File Inclusion vulnerability in the WordPress Motors - Events plugin by StylemixThemes. Attackers can incl...
Jun 6, 2025This vulnerability allows unauthenticated attackers to include arbitrary local files in PHP applications, potentially leading to remote code execution...
Mar 10, 2025The SportsPress WordPress plugin has a Local File Inclusion vulnerability in all versions up to 2.7.26. Authenticated attackers with contributor-level...
Feb 4, 2026An unauthenticated remote attacker can exploit this Local File Inclusion vulnerability in Zimbra Collaboration's Webmail Classic UI to read arbitrary ...
Dec 22, 2025This vulnerability allows authenticated WordPress users with Contributor-level access or higher to include and execute arbitrary PHP files on the serv...
Dec 18, 2025The Category and Product Woocommerce Tabs WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with contribut...
Nov 18, 2025The WPCOM Member WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or higher...
Nov 1, 2025This CVE describes a PHP Local File Inclusion vulnerability in the WordPress Testimonial Slider plugin. Attackers can exploit improper filename contro...
Sep 26, 2025The Soledad WordPress theme contains a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or higher ...
Aug 16, 2025The WoodMart WordPress theme plugin contains a Local File Inclusion vulnerability in the 'layout' attribute that allows authenticated attackers with C...
Jul 8, 2025The Widget for Google Reviews WordPress plugin contains a directory traversal vulnerability that allows authenticated attackers with Subscriber-level ...
Jul 8, 2025This vulnerability allows attackers to include arbitrary files from remote servers in PHP applications, potentially leading to remote code execution. ...
May 19, 2025This vulnerability allows attackers to include local files on the server through improper input validation in EventON WordPress plugin. Attackers can ...
Apr 11, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Apr 4, 2025This vulnerability allows attackers to include local files on the server through improper input validation in JS Job Manager's PHP code. Attackers can...
Apr 4, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Mar 27, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Mar 27, 2025The s2Member Pro WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with contributor-level permissions or h...
Mar 18, 2025The Review Schema WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with contributor-level permissions or ...
Mar 11, 2025The Traveler WordPress theme has a Local File Inclusion vulnerability in the 'hotel_alone_slider' shortcode that allows authenticated attackers with c...
Feb 28, 2025This vulnerability allows authenticated attackers with Contributor-level access or higher to perform Local File Inclusion (LFI) in the Responsive Addo...
Feb 21, 2025About CWE-98 (CWE-98)
Our database tracks 608 CVEs classified as CWE-98, with 81 rated critical and 513 rated high severity. The average CVSS score for CWE-98 vulnerabilities is 8.1.
External reference: View CWE-98 on MITRE CWE →
Monitor CWE-98 Vulnerabilities
Get alerted when new CWE-98 CVEs affect your infrastructure.
Start Monitoring Free