Aggregates CVE and security vulnerability intelligence across all thememove-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk file inclusion and vendor risk sql injection, with potential vendor impact file overwrite and vendor impact unauthorized access across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-22708 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4. | [email protected] | 8.1 | 0.51% | 2026-01-08 | 2026-06-17 |
| CVE-2025-22707 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion.This issue affects Moody: from n/a through <= 2.7.3. | [email protected] | 8.1 | 0.51% | 2026-01-08 | 2026-06-17 |
| CVE-2025-14430 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion.This issue affects Brook: from n/a through <= 2.9.0. | [email protected] | 8.1 | 0.40% | 2026-01-08 | 2026-06-17 |
| CVE-2025-14429 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion.This issue affects AeroLand: from n/a through <= 1.6.6. | [email protected] | 8.1 | 0.40% | 2026-01-08 | 2026-06-17 |
| CVE-2025-60069 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | [email protected] | 8.1 | 0.41% | 2025-12-18 | 2026-06-17 |
| CVE-2025-68062 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6. | [email protected] | 7.5 | 0.31% | 2025-12-16 | 2026-06-17 |
| CVE-2025-68061 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7. | [email protected] | 7.5 | 0.30% | 2025-12-16 | 2026-06-17 |
| CVE-2025-59564 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through < 4.4.5. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-59558 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through < 2.1.6. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-59555 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Medizin medizin allows PHP Local File Inclusion.This issue affects Medizin: from n/a through < 1.9.7. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-58967 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-58958 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5. | [email protected] | 8.1 | 0.49% | 2025-10-22 | 2026-06-17 |
| CVE-2025-58206 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects MaxCoach: from n/a through <= 3.2.5. | [email protected] | 8.1 | 0.39% | 2025-09-05 | 2026-06-17 |
| CVE-2025-58210 | Missing Authorization vulnerability in ThemeMove Makeaholic makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through <= 1.8.5. | [email protected] | 5.3 | 0.24% | 2025-09-03 | 2026-06-17 |
| CVE-2025-54701 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.6.3. | [email protected] | 8.1 | 0.36% | 2025-08-14 | 2026-06-17 |
| CVE-2025-54700 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic makeaholic allows PHP Local File Inclusion.This issue affects Makeaholic: from n/a through <= 1.8.4. | [email protected] | 8.1 | 0.36% | 2025-08-14 | 2026-06-17 |
| CVE-2025-39474 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely amely allows SQL Injection.This issue affects Amely: from n/a through <= 3.1.4. | [email protected] | 9.3 | 0.37% | 2025-06-27 | 2026-06-17 |
| CVE-2025-32309 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul healsoul allows PHP Local File Inclusion.This issue affects Healsoul: from n/a through <= 2.2.3. | [email protected] | 8.1 | 0.55% | 2025-05-23 | 2026-06-17 |
| CVE-2021-24950 | The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks | [email protected] | 5.4 | 0.52% | 2022-03-14 | 2026-06-17 |