CVE-2025-39570

HIGH Year: 2025
CVSS v3 Score
8.8
High
Weakness Type
CWE-98
View all →

Vulnerability Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Lomu WPCOM Member allows PHP Local File Inclusion. This issue affects WPCOM Member: from n/a through 1.7.7.

Related Vulnerabilities

CVE-2022-4606

HIGH
CVSS:8.8(High)

PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.

CWE-982022

CVE-2023-24217

HIGH
CVSS:8.8(High)

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

CWE-982023

CVE-2023-49084

HIGH
CVSS:8.8(High)

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the includ...

CWE-982023

CVE-2024-10436

HIGH
CVSS:8.8(High)

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possib...

CWE-982024

CVE-2024-10873

HIGH
CVSS:8.8(High)

The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible f...

CWE-982024

CVE-2024-10898

HIGH
CVSS:8.8(High)

The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes ...

CWE-982024