CVE-2026-39567

CVE-2026-39567 concerns the WordPress Santé theme (versions ≤ 1.5.1) with an unauthenticated PHP Object Injection vulnerability. The issue arises in Santé’s PHP handling, enabling an attacker with network access (no user interaction, no privileges) to exploit a PHP Object Injection vector. The CV...

CVE-2026-39554 WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...

CVE-2026-39554

CVE-2026-39554 concerns WordPress Theme Fidalgo (versions

CVE-2026-39529

The CVE identifies an unauthenticated PHP Object Injection in WordPress Elementra theme

CVE-2026-39539

Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...

CVE-2026-39539 WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...

CVE-2026-39529 WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...

CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...

CVE-2026-39443 WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...

CVE-2026-39446

The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...

CVE-2026-39443

CVE-2026-39443 affects the WordPress EmallShop theme (versions &lt;= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...

CVE-2026-27429

CVE-2026-27429 concerns the WordPress Nifty theme (versions

CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...

CVE-2026-12256

The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...

CVE-2026-12256 WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Avada = 3.15.3 versions...

CVE-2025-69122

CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...

CVE-2025-69122 WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in SeaFood Company = 1.4 versions...

CVE-2025-69108 WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Hot Coffee = 1.7 versions...

CVE-2025-69108

CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (&lt;= 1.7). The description specifies unauthenticated object injection in Hot Coffee

CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...