CWE-98: CWE-98
Yearly Trend
Top Affected Vendors
All CWE-98 CVEs (608)
The BoomBox Theme Extensions plugin for WordPress has a Local File Inclusion vulnerability that allows authenticated attackers with contributor-level ...
Feb 3, 2025The Jupiter X Core WordPress plugin has a Local File Inclusion vulnerability that leads to Remote Code Execution. Authenticated attackers with Contrib...
Feb 1, 2025The ThemeREX Addons WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with contributor-level permissions o...
Jan 25, 2025This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks through the WP...
Dec 25, 2024This vulnerability allows authenticated attackers with Contributor-level WordPress access or higher to perform Local File Inclusion via the 'theme' at...
Dec 12, 2024This vulnerability allows authenticated attackers with contributor-level access or higher to perform Local File Inclusion (LFI) via a WordPress shortc...
Dec 5, 2024This vulnerability allows authenticated attackers with Contributor-level WordPress access or higher to perform Local File Inclusion via the _load_temp...
Nov 23, 2024This vulnerability allows authenticated WordPress users with Contributor-level access or higher to include and execute arbitrary PHP files on the serv...
Nov 21, 2024The WPC Smart Messages for WooCommerce WordPress plugin contains a Local File Inclusion vulnerability that allows authenticated attackers with Subscri...
Oct 29, 2024The Clean Login WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or higher ...
Aug 30, 2024This CVE describes a PHP Remote File Inclusion vulnerability in the bumsys software that allows attackers to include and execute arbitrary remote file...
May 5, 2023AgileBio Electronic Lab Notebook v4.234 contains a local file inclusion vulnerability that allows attackers to read arbitrary files on the server. Thi...
Mar 6, 2023This Local File Inclusion vulnerability in LA-Studio Element Kit for Elementor allows attackers to include arbitrary local files via the 'progress_typ...
Jul 2, 2024This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
May 19, 2025This CVE describes a Local File Inclusion vulnerability in the Bfres WordPress theme that allows attackers to include arbitrary PHP files from the ser...
Jan 22, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Jan 22, 2026This vulnerability allows attackers to include local PHP files through improper filename control in the Rashy WordPress theme. Attackers can read sens...
Jan 22, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Anchor Smooth Scroll WordPress plugin. It affe...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the Rare Radio WordPress theme. A...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the MaxCube WordPress theme. Attackers can include arbitrary local files through improp...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the EcoGrow WordPress theme. Attackers can potenti...
Dec 18, 2025This vulnerability allows attackers to include arbitrary local files through PHP's include/require functions in the Vocal WordPress theme. Attackers c...
Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Athos WordPress theme. It enables PHP Local Fi...
Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Basil WordPress theme that allows attackers to include arbitrary local files via im...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Dwell WordPress theme by axiomthemes. Attackers can include arbitrary local files t...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the FitFlex WordPress theme. Attackers can read se...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Sanger WordPress theme. Attackers can read sen...
Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Tourimo WordPress theme that allows attackers to include arbitrary local files via ...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Good Mood WordPress theme. Attackers can poten...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the Festy WordPress theme. Attack...
Dec 18, 2025About CWE-98 (CWE-98)
Our database tracks 608 CVEs classified as CWE-98, with 81 rated critical and 513 rated high severity. The average CVSS score for CWE-98 vulnerabilities is 8.1.
External reference: View CWE-98 on MITRE CWE →
Monitor CWE-98 Vulnerabilities
Get alerted when new CWE-98 CVEs affect your infrastructure.
Start Monitoring Free