CVE-2025-47531 | THREATINT

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events allows PHP Local File Inclusion. This issue affects XT Event Widget for Social Events: from n/a through 1.1.7.

PUBLISHED Reserved 2025-05-07 | Published 2025-05-07 | Updated 2025-05-07 | Assigner Patchstack

HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Product status

Default status

unaffected

Any version

affected

Credits

timomangcut (Patchstack Alliance) finder

References

patchstack.com/...cal-file-inclusion-vulnerability?_s_id=cve vdb-entry

cve.org (CVE-2025-47531)

nvd.nist.gov (CVE-2025-47531)

Download JSON