thememove CVE 脆弱性と CVE 一覧(19)

製品(CPE): — CVE 件数: 19

thememove 脆弱性概要

thememove 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

一般的な弱点パターンには vendor risk file inclusion and vendor risk sql injection があり、vendor surface production workloads and vendor surface software deployment の利用場面で ファイル上書き、vendor impact unauthorized access, and vendor impact data exposure などのリスクが生じる可能性があります。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 119 / 19 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-22708 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4. [email protected] 8.1 0.51% 2026-01-08 2026-06-17
CVE-2025-22707 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3. [email protected] 8.1 0.51% 2026-01-08 2026-06-17
CVE-2025-14430 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0. [email protected] 8.1 0.40% 2026-01-08 2026-06-17
CVE-2025-14429 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6. [email protected] 8.1 0.40% 2026-01-08 2026-06-17
CVE-2025-60069 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. [email protected] 8.1 0.41% 2025-12-18 2026-06-17
CVE-2025-68062 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. [email protected] 7.5 0.31% 2025-12-16 2026-06-17
CVE-2025-68061 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7. [email protected] 7.5 0.30% 2025-12-16 2026-06-17
CVE-2025-59564 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5. [email protected] 8.1 0.49% 2025-10-22 2026-06-17
CVE-2025-59558 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6. [email protected] 8.1 0.49% 2025-10-22 2026-06-17
CVE-2025-59555 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects Medizin: from n/a through < 1.9.7. [email protected] 8.1 0.49% 2025-10-22 2026-06-17
CVE-2025-58967 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4. [email protected] 8.1 0.49% 2025-10-22 2026-06-17
CVE-2025-58958 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5. [email protected] 8.1 0.49% 2025-10-22 2026-06-17
CVE-2025-58206 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5. [email protected] 8.1 0.39% 2025-09-05 2026-06-17
CVE-2025-58210 Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5. [email protected] 5.3 0.24% 2025-09-03 2026-06-17
CVE-2025-54701 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3. [email protected] 8.1 0.36% 2025-08-14 2026-06-17
CVE-2025-54700 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4. [email protected] 8.1 0.36% 2025-08-14 2026-06-17
CVE-2025-39474 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection.This issue affects Amely: from n/a through <= 3.1.4. [email protected] 9.3 0.37% 2025-06-27 2026-06-17
CVE-2025-32309 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3. [email protected] 8.1 0.55% 2025-05-23 2026-06-17
CVE-2021-24950 The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks [email protected] 5.4 0.52% 2022-03-14 2026-06-16
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence