Vulnerability Details CVE-2025-47531
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events allows PHP Local File Inclusion. This issue affects XT Event Widget for Social Events: from n/a through 1.1.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.9%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-47531
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.0
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.1
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.2
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.0
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.1
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.2
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.3
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.4
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.5
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.6
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.7