12 matches found
CVE-2025-64363
CVE-2025-64363 describes a Local/Remote File Inclusion vulnerability in WordPress Kleo ecosystem (Kleo plugin/theme) caused by improper control of filename for Include/Require statements in PHP. Affected: SeventhQueen Kleo versions prior to 5.5.0. Impact: potential PHP native file inclusion leadi...
CVE-2025-64363 WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion. This issue affects Kleo: from n/a through 5.5.0...
WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kleo versions 5.5.0...
WordPress Kleo Theme < 5.5.0 is vulnerable to Local File Inclusion
Software: Kleo; Type: Theme; Vulnerable versions: 5.5.0; Fixed in: 5.5.0; OWASP Top 10: A1: Broken Access Control; Classification: Local File Inclusion; CVE: CVE-2025-64363; Patch priority: Low; CVSS severity: Low 7.5; Developer EPC PSID 1d3d5f3ae51e; Credits: João Pedro S Alcântara Kinorth; Required privilege...
CVE-2025-39367 WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in SeventhQueen Kleo kleo. This issue affects Kleo: from n/a through 5.4.4...
CVE-2025-39367 WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in SeventhQueen Kleo. This issue affects Kleo: from n/a before 5.4.4...
WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Kleo versions 5.4.4...
WordPress Kleo Theme < 5.4.4 is vulnerable to Broken Access Control
Software: Kleo; Type: Theme; Vulnerable versions: 5.4.4; Fixed in: 5.4.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-39367; Patch priority: Low; CVSS severity: Low 5.3; Developer EPC PSID 7bef03870816; Credits: Ananda Dhakal Patchstack; Required privilege...
CVE-2024-56209 WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen Kleo kleo allows Reflected XSS. This issue affects Kleo: from n/a through 5.4.4...
CVE-2024-56209 WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen Kleo allows Reflected XSS. This issue affects Kleo: from n/a before 5.4.4...
CVE-2024-56209
CVE-2024-56209 affects the WordPress theme Kleo (KLEO - Community Focused & Multi-Purpose BuddyPress WordPress Theme). The connected sources confirm a Reflected XSS vulnerability caused by improper neutralization of input during web page generation, affecting Kleo versions before 5.4.4. The impac...
WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Kleo versions 5.4.4...