CVE-2026-39712 WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

CVE-2026-39712

The CVE-2026-39712 issue is in the WordPress tagDiv Composer plugin, specifically the td-composer component, and affects versions up to and including 5.4.3. The root cause is Improper Neutralization of Script-Related HTML Tags, enabling Code Injection/Arbitrary Shortcode Execution. Impact is desc...

CVE-2026-39640 WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability

Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...

CVE-2026-39640

Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...

CVE-2026-39629

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...

CVE-2026-39629 WordPress Uminex theme <= 1.0.9 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...

CVE-2026-39629

CVE-2026-39629 affects kutethemes Uminex WordPress theme versions up to and including 1.0.9. The issue is described as Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) that allows Code Injection via shortcode handling, leading to arbitrary shortcode execution. Concret...

CVE-2026-39628

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

CVE-2026-39626

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through = 1.4.8...

CVE-2026-39625

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...

CVE-2026-39626 WordPress Armania theme <= 1.4.8 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through = 1.4.8...

CVE-2026-39625

The CVE refers to WordPress TechOne theme (kutethemes) versions up to and including 3.0.3, describing an improper neutralization of script-related HTML tags in a web page that enables code injection. The linked records also classify the impact as basic XSS and associate it with arbitrary shortcod...

CVE-2026-39628

CVE-2026-39628 affects the WordPress DukaMarket theme (kutethemes)

CVE-2026-39625 WordPress TechOne theme <= 3.0.3 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...

CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

CVE-2026-39626 WordPress Armania theme <= 1.4.8 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through = 1.4.8...

CVE-2026-39626

CVE-2026-39626 concerns the WordPress kutethemes Armania theme (

Multiple vulnerabilities in Movable Type

Overview The Listing Framework of Movable Type provided by Six Apart Ltd. contains multiple vulnerabilities listed below. Code injection CWE-94 - CVE-2026-25776 SQL injection CWE-89 - CVE-2026-33088 CVE-2026-25776 Sho Odagiri of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to Six...

WordPress plugin Theme Editor 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...