CWE-98: CWE-98
Yearly Trend
Top Affected Vendors
All CWE-98 CVEs (608)
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Nov 30, 2024This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Nov 14, 2024This CVE describes a PHP remote file inclusion vulnerability in the Houzez WordPress theme. Attackers can include arbitrary remote files, potentially ...
Nov 6, 2025CVE-2024-31459 is a critical vulnerability in Cacti monitoring software that allows remote code execution through a combination of SQL injection and f...
May 14, 2024This CVE-2023-49084 vulnerability in Cacti allows authenticated users to perform SQL injection and arbitrary code execution on the server through the ...
Dec 21, 2023This CVE describes a PHP Local File Inclusion vulnerability in the Omnipress WordPress plugin. Attackers can exploit improper filename control in incl...
Jan 23, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 9, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Simple Retail Menus WordPress plugin. Attackers can include arbitrary local files f...
Feb 20, 2026This CVE describes a PHP Local File Inclusion vulnerability in the WP Shop WordPress plugin. Attackers can include arbitrary local files through impro...
Feb 20, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Feb 20, 2026This CVE describes a PHP Local File Inclusion vulnerability in the VanKarWai Airtifact WordPress theme. Attackers can include arbitrary local files th...
Feb 19, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Feb 19, 2026This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks via the Flexi ...
Feb 14, 2026This CVE describes a PHP Local File Inclusion vulnerability in the Unicamp WordPress theme. Attackers can include arbitrary local files through improp...
Feb 3, 2026This CVE describes a PHP Local File Inclusion vulnerability in the Talemy Spirit Framework WordPress plugin. Attackers can exploit improper filename c...
Feb 2, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Jan 22, 2026This CVE describes a PHP Local File Inclusion vulnerability in the My auctions allegro WordPress plugin. Attackers can exploit improper filename contr...
Jan 22, 2026This CVE describes a PHP Local File Inclusion vulnerability in the Freshio WordPress theme. Attackers can include arbitrary local files through improp...
Jan 22, 2026This CVE describes a PHP Local File Inclusion vulnerability in the Triply WordPress theme by pavothemes. Attackers can include arbitrary local files t...
Jan 22, 2026This CVE describes a PHP Local File Inclusion vulnerability in the Miion WordPress theme by zozothemes. Attackers can exploit improper filename contro...
Jan 22, 2026This CVE describes a PHP Local File Inclusion vulnerability in the JNews - Pay Writer WordPress plugin. Attackers can exploit improper filename contro...
Jan 22, 2026This vulnerability allows attackers to include local PHP files through improper filename control in the MyHome Core WordPress plugin. Attackers can po...
Jan 22, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Jan 22, 2026This CVE describes a PHP Local File Inclusion vulnerability in the G5Theme Handmade Framework WordPress plugin. Attackers can include arbitrary local ...
Jan 8, 2026This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Jan 6, 2026This CVE describes a PHP Local File Inclusion vulnerability in the VanKarWai Calafate WordPress theme. Attackers can include arbitrary local files thr...
Jan 6, 2026This vulnerability allows attackers to include local files on the server through improper input validation in the MAS Videos WordPress plugin. Attacke...
Dec 30, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 30, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 29, 2025This CVE describes a PHP Local File Inclusion vulnerability in the CedCommerce Integration for Good Market WordPress plugin. Attackers can include arb...
Dec 29, 2025This vulnerability allows remote attackers to include arbitrary PHP files via a filename parameter in TheGem Theme Elements for Elementor WordPress pl...
Dec 23, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 23, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 23, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This CVE describes a PHP Local File Inclusion vulnerability in the Ray Enterprise Translation WordPress plugin. Attackers can exploit improper filenam...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 18, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Dec 16, 2025This vulnerability allows attackers to include local files on the server through the Stockholm WordPress theme's PHP code. Attackers can potentially r...
Dec 16, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the EduMall WordPress theme. Attackers can potenti...
Dec 16, 2025This CVE describes a PHP Local File Inclusion vulnerability in the MinimogWP WordPress theme. Attackers can include arbitrary local files, potentially...
Dec 16, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 16, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 16, 2025The LT Unleashed WordPress plugin has a Local File Inclusion vulnerability that allows authenticated attackers with Contributor-level access or higher...
Dec 12, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the The7 WordPress theme. Attackers can potentiall...
Dec 9, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 9, 2025This vulnerability allows attackers to include local PHP files through improper filename control in the Ronneby Theme Core WordPress plugin. Attackers...
Dec 9, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Dec 9, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Nov 6, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affec...
Nov 6, 2025This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It aff...
Nov 6, 2025About CWE-98 (CWE-98)
Our database tracks 608 CVEs classified as CWE-98, with 81 rated critical and 513 rated high severity. The average CVSS score for CWE-98 vulnerabilities is 8.1.
External reference: View CWE-98 on MITRE CWE →
Monitor CWE-98 Vulnerabilities
Get alerted when new CWE-98 CVEs affect your infrastructure.
Start Monitoring Free