CVE-2026-40748

CVE-2026-40748 affects the WordPress Kids Gift Shop theme (versions ≤ 0.5.4). The vulnerability is described as an Arbitrary File Upload in the Subscriber context. Public details in connected sources indicate a very high severity CVSS v3.1 score (9.9, CRITICAL) with network access, low attack com...

CVE-2026-40748 WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

CVE-2026-40747 WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...

CVE-2026-40747

CVE-2026-40747 affects the WordPress Ecommerce Zone theme (versions &lt;= 0.9.7) and is an Arbitrary File Upload vulnerability. The connected documents confirm a subscriber Arbitrary File Upload issue in Ecommerce Zone

CVE-2026-40746 WordPress Restaurant Zone theme <= 0.7.8 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Restaurant Zone = 0.7.8 versions...

CVE-2026-40746

The CVE-2026-40746 entry concerns WordPress Theme Restaurant Zone (versions

CVE-2026-39589 WordPress Webenvo theme <= 0.0.6 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Webenvo = 0.0.6 versions...

CVE-2026-39589

The CVE-2026-39589 affects the WordPress Webenvo theme

CVE-2026-27041

CVE-2026-27041 : Affected software is WordPress Unlimited Elements for Elementor – Premium, versions

CVE-2026-27041 WordPress Unlimited Elements for Elementor (Premium) plugin <= 2.0.6 - Arbitrary File Upload vulnerability

Contributor Arbitrary File Upload in Unlimited Elements for Elementor Premium = 2.0.6 versions...

CVE-2026-25446 WordPress WishList Member X plugin <= 3.29.0 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in WishList Member X = 3.29.0 versions...

CVE-2026-25446

CVE-2026-25446 affects the WordPress plugin Wishlist Member X (WishList Member X) up to version 3.29.0. The vulnerability is an authenticated Arbitrary File Upload that could enable a subscriber to upload arbitrary files on affected sites. According to the provided sources, this CVE is currently ...

CVE-2026-22327

CVE-2026-22327 : WordPress Restaurt theme

CVE-2026-22327 WordPress Restaurt theme <= 1.0.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Restaurt = 1.0.4 versions...

CVE-2025-69129 WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site plugin <= 1.0.7 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...

CVE-2025-69129

CVE-2025-69129 concerns the WordPress WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (versions

CVE-2025-60218

CVE-2025-60218 concerns the WordPress plugin “PT Luxa Addons” (versions

CVE-2025-60218 WordPress PT Luxa Addons Plugin <= 1.2.2 - Arbitrary File Upload Vulnerability

Subscriber Arbitrary File Upload in PT Luxa Addons = 1.2.2 versions...

CVE-2024-52488

CVE-2024-52488 affects WordPress Grip theme (versions ≤ 1.0.9). The issue is an Arbitrary Plugin Activation/Deactivation vulnerability leading to RCE, requiring Subscriber privileges. Patch status is not clearly available in the provided docs; Patchstack indicates high risk with a potential explo...

CVE-2024-52488 WordPress Grip theme <= 1.0.9 - Arbitrary Plugin Activation/Deactivation to RCE vulnerability

Subscriber Arbitrary File Upload in Grip = 1.0.9 versions...