Vulnerability Name CVE Severity
Abstract Submission Local File Inclusion (0.6) CVE-2014-2383
AceIDE Local File Inclusion (2.6.2) CVE-2021-24549
ACME mini_httpd arbitrary file read CVE-2018-18778
Adavnced Video embed Local File Inclusion (1.0)
Adsense Extreme 'adsensextreme[lang]' Parameter Remote File Include (1.0.3)
Advanced Custom Fields (ACF) 'acf_abspath' Parameter Remote File Include (3.5.1)
Ajax Pagination (twitter Style) Local File Inclusion (1.1) CVE-2014-2674
All-in-One Video Gallery Local File Inclusion (2.4.9) CVE-2021-24970
AllWebMenus WordPress Menu 'abspath' Parameter Remote File Include (1.1.3) CVE-2011-3981
Annonces 'abspath' Parameter Remote File Include (1.2.0.0)
Anti-Malware Security and Brute-Force Firewall Local File Inclusion (4.18.63)
Apache Axis2 xsd local file inclusion
A Page Flip Book 'pageflipbook_language' Parameter Local File Include (2.3) CVE-2012-6652
Backup, Restore and Migrate WordPress Sites With the XCloner 'config' Parameter Local File Inclusion (3.0.3)
Backup by Supsystic Local File Inclusion (2.3.9)
BackUpWordPress Remote File Inclusion (0.4.2b) CVE-2007-5800
BackWPup 'wp_export_generate.php' Local and Remote File Include Vulnerabilities (2.1.4)
BackWPup Multiple Local File Include Vulnerabilities (1.5.2)
Blogtopdf Local File Inclusion (1.0.2) CVE-2014-2383
Booking Calendar Local File Inclusion (7.0)
BookX Local File Inclusion (1.7) CVE-2014-4937
Brandfolder-Digital Asset Management Simplified Local/Remote File Inclusion (3.0)
Browser Rejector Remote File Inclusion (2.10)
Buddypress Component Stats Local File Inclusion (1.0) CVE-2014-2383
ChimpMate-WordPress MailChimp Assistant Local File Inclusion (1.3.2)
CIP4 Folder Download Widget Local File Inclusion (1.10)
Crayon Syntax Highlighter 'wp_load' Parameter Remote File Include (1.12.1)
Customer Reviews for WooCommerce Local File Inclusion (5.15.0) CVE-2023-0080
Dharma booking Local/Remote File Inclusion (2.38.3)
Disclosure Policy 'abspath' Parameter Remote File Include (1.0)
DM Albums 'album.php' Remote File Inclusion (1.9.2) CVE-2009-2396
Download Shortcode Local File Inclusion (0.2.3) CVE-2014-5465
Drupal Core 5.x Local File Inclusion (5.0 - 5.11) CVE-2008-6171
Drupal Core 5.x Local File Inclusion (5.0 - 5.15)
Drupal Core 6.x Local File Inclusion (6.0 - 6.9)
Easy Forms for MailChimp Local File Inclusion (6.0.5.5)
Eventify-Simple Events 'npath' Parameter Remote File Include (1.7.g)
Extensive VC Addons for WPBakery page builder Local File Inclusion (1.9) CVE-2023-0159
FireStats 'firestats-wordpress.php' Remote File Include (1.6.1) CVE-2009-2143
Floating Social Media Links 'wpp' Parameter Multiple Remote File Include Vulnerabilities (1.4.2)
gboutique Local File Inclusion (1.3) CVE-2014-2383
GraceMedia Media Player Local File Inclusion (1.0) CVE-2019-9618
Gwolle Guestbook Remote File Inclusion (1.5.3) CVE-2015-8351
IMDb Profile Widget Local File Inclusion (1.0.8)
Issuu Panel Local/Remote File Inclusion (1.6)
Joomla! Core 1.0 Remote File Inclusion (1.0.0) CVE-2006-2960
Joomla! Core 1.0.x Remote File Inclusion (1.0.11 - 1.0.14) CVE-2008-5671
Joomla! Core 2.5.x Remote File Inclusion (2.5.4 - 2.5.25) CVE-2014-7228
Joomla! Core 3.3.x Remote File Inclusion (3.3.0 - 3.3.4) CVE-2014-7228
Joomla! Core 3.x.x Local File Inclusion (3.0.0 - 3.9.25) CVE-2021-26031
Joomla! Core 3.x.x Remote File Inclusion (3.0.0 - 3.2.5) CVE-2014-7228
Joomla! Core Local File Inclusion (2.5.0 - 3.8.8) CVE-2018-12712
Joomla! core remote file inclusion CVE-2014-7228.xml
jQuery Mega Menu Widget 'skin' Parameter Local File Include (1.0)
kk Star Ratings 'root' Parameter Remote File Include (1.7)
Landing Page Builder-Lead Page-Optin Page-Squeeze Page-WordPress Landing Pages Local File Inclusion (1.4.3)
Laravel log viewer local file download (LFD) CVE-2018-8947
Last.fm Rotation Local File Inclusion (1.0) CVE-2014-5181
Light Post 'abspath' Parameter Remote File Include (1.4)
Limited Remote File Read/Include in Jira Software Server CVE-2021-26086
LiveSig 'wp-root' Parameter Remote File Include (0.4)
Local File Inclusion
Local File Inclusion (CMS Made Simple)
Localize My Post Local File Inclusion (1.0) CVE-2018-16299
Loco Translate Local File Inclusion (2.2.1)
MailChimp for WooCommerce Local File Inclusion (2.1.1)
Mailing List 'wpabspath' Parameter Remote File Include (1.3.3)
Mail Masta Local File Inclusion (1.0)
MDC YouTube Downloader Local File Inclusion (2.1.0) CVE-2015-5469
Metabase Local File Inclusion (CVE-2021-41277) CVE-2021-41277
Metabase RCE (CVE-2023-38646) CVE-2023-38646
Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)
myFlash Remote File Include (1.10) CVE-2007-2485
myGallery Remote File Include (1.4b4) CVE-2007-2426
MyPixs Local File Inclusion (0.3) CVE-2015-1000012
N-Media Website Contact Form with File Upload Local File Inclusion (1.5)
NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.7)
NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.56) CVE-2016-6565
Nmedia MailChimp Widget 'abs_path' Parameter Remote File Include (3.1)
Odoo LFI (CVE-2019-14322) CVE-2019-14322
OPS Old Post Spinner 'ops_file' Parameter Local File Include (2.2.1)
Payment Gateways Caller for WP e-Commerce Local File Inclusion (0.1)
Photocart Link Local File Inclusion (1.6)
Photo Gallery by 10Web-Mobile-Friendly Image Gallery Local File Inclusion (1.5.24) CVE-2019-14798
PHP allow_url_fopen Is Enabled
PHP allow_url_include enabled
PHP allow_url_include Is Enabled
PHP curl_exec() url is controlled by user CVE-2009-0037
PHP open_basedir Is Not Configured
PictPress 'resize.php' Multiple Local File Include Vulnerabilities (1.0) CVE-2007-6369
Post PDF Export Local File Inclusion (1.0.1) CVE-2014-2383
Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)
Posts in Page Local File Inclusion (1.2.4)
Really Simple Guest Post Local File Inclusion (1.0.6)
Redirection Local File Inclusion (2.7.3)
Relocate Upload 'abspath' Parameter Remote File Include (0.14) CVE-2012-1205
Remote File Inclusion (admin/lang.php) (CMS Made Simple) CVE-2005-2846
Revamp CRM for WooCommerce Local File Inclusion (1.0.3)
Ruben Boelinger wordTube 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43) CVE-2007-2481 CVE-2007-2482
Ruben Boelinger WP-Table 'wpPATH' Parameter Multiple Remote File Include Vulnerabilities (1.43) CVE-2007-2483 CVE-2007-2484
SAM Pro (Free Edition) Local File Inclusion (1.9.6.67)
SAP B2B/B2C CRM Local File Inclusion
SearchBlox Local File Inclusion (CVE-2020-35580) CVE-2020-35580
SG Optimizer Local File Inclusion (5.0.12)
Shortcode Factory Local File Inclusion (2.7) CVE-2019-15322
Simple Ads Manager Local File Inclusion (2.10.0.130)
Simple Fields Local File Inclusion (0.3.5)
Sina Extension for Elementor Local File Inclusion (2.2.0) CVE-2019-15839
Site Editor-WordPress Site Builder-Theme Builder and Page Builder Local File Inclusion (1.1.1) CVE-2018-7422
Site Import Remote File Inclusion (1.0.1)
SlideDeck 2 Lite Responsive Content Slider Local/Remote File Inclusion (2.3.3)
Slider Revolution Responsive Local File Inclusion (4.1.4)
Social Discussions Remote File Include and Information Disclosure Vulnerabilities (6.1.1)
Spellchecker 'general.php' Local and Remote File Include Vulnerabilities (3.1)
Spicy Blogroll Local File Include (1.0.0)
Subscribe to Comments Local File Inclusion (2.1.2)
TCPDF arbitrary file read
Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1) CVE-2014-4940
TheCartPress eCommerce Shopping Cart 'tcp_class_path' Parameter Remote File Include (1.1.1)
Theme My Login Local File Inclusion (6.3.9) CVE-2014-5155
Theme Tuner 'tt-abspath' Parameter Remote File Include (0.7) CVE-2012-0934
Tutor LMS-eLearning and online course solution Local File Inclusion (1.8.7) CVE-2021-24242
Typo3 Restler 1.7.0 Local File Disclosure
Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Local File Inclusion (1.3.64)
Umbraco CMS local file inclusion
Unauthenticated Arbitrary File Read vulnerability in VMware vCenter
vBulletin routestring Local File Inclusion
Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)
Vmax Project Manager Local File Inclusion (1.1)
VMware vCenter vcavbootstrap Arbitrary File Read
webadmin.php script
Wechat Broadcast Local/Remote File Inclusion (1.2.0) CVE-2018-16283
WOOCS-Currency Switcher for WooCommerce Professional Local File Inclusion (1.3.6.2) CVE-2021-24566
WordPress Ad Widget Local File Inclusion (2.11.0)
WordPress Infinite Scroll-Ajax Load More Local File Inclusion (2.11.1)
WordPress plugin Slider Revolution arbitrary file disclosure
WP-Client Lite::Client Portals, File Sharing, Messaging & Invoicing Local File Inclusion (1.1.1) CVE-2014-2383
WP-Lytebox 'pg' Parameter Local File Inclusion (1.3) CVE-2009-4672
wp-publications Local File Inclusion (0.0) CVE-2021-38360
WP e-Commerce Shop Styling Local File Inclusion (2.9.1) CVE-2014-2383
WP e-Commerce Shop Styling Remote File Inclusion (1.7.2) CVE-2013-0724
WP Easy Stats 'homep' Parameter Remote File Include (1.8)
WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)
WP Fastest Cache Local File Inclusion (0.8.5.9)
WP Image Zoom Local File Inclusion (1.46) CVE-2021-24447
WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)
WP Payeezy Pay Local File Inclusion (2.97)
WP Rocket Local File Inclusion (2.10.3) CVE-2017-11658
WP Vault Local File Inclusion (0.8.6.6)
WP with Spritz Local/Remote File Inclusion (1.0)
YARPP-Yet Another Related Posts Local File Inclusion (5.30.3) CVE-2022-45374
Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack
Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161
Zingiri Web Shop 'abspath' Parameter Remote File Include (2.4.6)
Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)