Vulnerability Details CVE-2025-47531
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events allows PHP Local File Inclusion. This issue affects XT Event Widget for Social Events: from n/a through 1.1.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.8%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-47531
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.0
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.1
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.2
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.0
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.1
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.2
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.3
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.4
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.5
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.6
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.7