Vulnerability Details CVE-2025-47531
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events allows PHP Local File Inclusion.This issue affects XT Event Widget for Social Events: from n/a through <= 1.1.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.4%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-47531
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.0
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.1
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.0.2
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.0
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.1
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.2
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.3
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.4
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.5
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.6
-
cpe:2.3:a:xylusthemes:xt_event_widget_for_social_events:1.1.7