cleantalk
Vulnerabilities and Security Researches

Favorites, CVE-2025-60202

CVE, Research URL

CVE-2025-60202

Home page URL

Security reports for Favorites

Application

Favorites

Published on
Nov 06, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kyle Phillips Favorites favorites allows PHP Local File Inclusion.This issue affects Favorites: from n/a through <= 2.3.6.
Affected versions
max 2.3.6.
Status
vulnerable
Previous vulnerability researches
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2024-32588) , Jun 07, 2024
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2024-31241) , Jun 07, 2024
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2023-30487) , Jun 07, 2024
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2025-60200) , Nov 10, 2025
LearnPress Export Import &#8211; WordPress extension for LearnPress (CVE-2025-49992) , Nov 10, 2025
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates &amp; Open Badges &#8211; Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu &#8211; PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025