qodeinteractive 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk file inclusion、vendor risk cross-site scripting, and パス処理の欠陥 に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で ファイル上書き and vendor impact unauthorized access などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-67937 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion.This issue affects Hendon: from n/a through < 1.7. | [email protected] | 8.1 | 0.04% | 2026-01-08 | 2026-02-03 |
| CVE-2025-67936 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3. | [email protected] | 8.1 | 0.04% | 2026-01-08 | 2026-02-03 |
| CVE-2025-67935 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4. | [email protected] | 8.1 | 0.04% | 2026-01-08 | 2026-02-03 |
| CVE-2025-67934 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8. | [email protected] | 8.1 | 0.04% | 2026-01-08 | 2026-04-27 |
| CVE-2025-69034 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8. | [email protected] | 8.1 | 0.12% | 2025-12-30 | 2026-04-27 |
| CVE-2025-69032 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes FiveStar fivestar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FiveStar: from n/a through <= 1.7. | [email protected] | 5.4 | 0.05% | 2025-12-30 | 2026-04-27 |
| CVE-2025-69030 | Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3. | [email protected] | 5.4 | 0.06% | 2025-12-30 | 2026-04-27 |
| CVE-2025-67515 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.5. | [email protected] | 8.8 | 0.14% | 2025-12-09 | 2026-04-27 |
| CVE-2025-66532 | Missing Authorization vulnerability in Mikado-Themes Powerlift powerlift allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Powerlift: from n/a through < 3.2.1. | [email protected] | 4.3 | 0.05% | 2025-12-09 | 2026-04-27 |
| CVE-2025-39467 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue affects Wanderland: from n/a through <= 1.7.1. | [email protected] | 8.1 | 0.32% | 2025-11-06 | 2026-04-27 |
| CVE-2025-39466 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dør dor allows PHP Local File Inclusion.This issue affects Dør: from n/a through <= 2.4. | [email protected] | 8.1 | 0.38% | 2025-11-06 | 2026-04-27 |
| CVE-2025-64368 | Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery.This issue affects Bard: from n/a through <= 1.6. | [email protected] | 5.4 | 0.01% | 2025-10-31 | 2026-04-27 |
| CVE-2025-6252 | The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.12% | 2025-06-28 | 2025-07-07 |
| CVE-2025-49297 | Path Traversal: '.../...//' vulnerability in Mikado-Themes Grill and Chow grillandchow allows PHP Local File Inclusion.This issue affects Grill and Chow: from n/a through <= 1.6. | [email protected] | 8.1 | 0.26% | 2025-06-09 | 2026-04-23 |
| CVE-2025-49296 | Path Traversal: '.../...//' vulnerability in Mikado-Themes GrandPrix grandprix allows PHP Local File Inclusion.This issue affects GrandPrix: from n/a through <= 1.6. | [email protected] | 8.1 | 0.26% | 2025-06-09 | 2026-04-23 |
| CVE-2025-49295 | Path Traversal: '.../...//' vulnerability in Mikado-Themes MediClinic mediclinic allows PHP Local File Inclusion.This issue affects MediClinic: from n/a through <= 2.1. | [email protected] | 8.1 | 0.26% | 2025-06-09 | 2026-04-23 |
| CVE-2025-39494 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through < 3.4.2. | [email protected] | 8.1 | 0.55% | 2025-05-23 | 2026-04-23 |
| CVE-2025-39490 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows PHP Local File Inclusion.This issue affects Backpack Traveler: from n/a through <= 2.10.2. | [email protected] | 8.1 | 0.55% | 2025-05-23 | 2026-04-23 |
| CVE-2025-39458 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through <= 2.5.2. | [email protected] | 8.1 | 1.43% | 2025-05-19 | 2026-04-23 |
| CVE-2025-1627 | The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.14% | 2025-05-19 | 2026-01-09 |