thememove 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk file inclusion and vendor risk sql injection があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き、vendor impact unauthorized access, and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-22708 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4. | [email protected] | 8.1 | 0.51% | 2026-01-08 | 2026-06-17 |
| CVE-2025-22707 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3. | [email protected] | 8.1 | 0.51% | 2026-01-08 | 2026-06-17 |
| CVE-2025-14430 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0. | [email protected] | 8.1 | 0.40% | 2026-01-08 | 2026-06-17 |
| CVE-2025-14429 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6. | [email protected] | 8.1 | 0.40% | 2026-01-08 | 2026-06-17 |
| CVE-2025-60069 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | [email protected] | 8.1 | 0.41% | 2025-12-18 | 2026-06-17 |
| CVE-2025-68062 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | [email protected] | 7.5 | 0.31% | 2025-12-16 | 2026-06-17 |
| CVE-2025-68061 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7. | [email protected] | 7.5 | 0.30% | 2025-12-16 | 2026-06-17 |
| CVE-2025-59564 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-59558 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-59555 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects Medizin: from n/a through < 1.9.7. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-58967 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-58958 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-58206 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5. | [email protected] | 8.1 | 0.39% | 2025-09-05 | 2026-06-17 |
| CVE-2025-58210 | Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5. | [email protected] | 5.3 | 0.24% | 2025-09-03 | 2026-06-17 |
| CVE-2025-54701 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3. | [email protected] | 8.1 | 0.36% | 2025-08-14 | 2026-06-17 |
| CVE-2025-54700 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4. | [email protected] | 8.1 | 0.36% | 2025-08-14 | 2026-06-17 |
| CVE-2025-39474 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection.This issue affects Amely: from n/a through <= 3.1.4. | [email protected] | 9.3 | 0.37% | 2025-06-27 | 2026-06-17 |
| CVE-2025-32309 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3. | [email protected] | 8.1 | 0.55% | 2025-05-23 | 2026-06-17 |
| CVE-2021-24950 | The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks | [email protected] | 5.4 | 0.52% | 2022-03-14 | 2026-06-16 |