CVE-2026-39603

Summary: CVE-2026-39603 is a CSRF vulnerability in the WordPress theme “ThemeGoods Grand Photography grandphotography” affecting Grand Photography versions from n/a up to and including 5.7.8. The issue is a Cross-Site Request Forgery, with CVSS 3.1 base score 5.4 (Medium): network attacker, no pr...

CVE-2026-27043

CVE-2026-27043 affects the WordPress Photography theme (ThemeGoods Photography). The vulnerability is described as an authenticated (Editor+) Arbitrary File Upload vulnerability that arises in Photography versions up to 7.7.5, with public notes indicating exposure risk and path traversal implicat...

CVE-2026-27043 WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a before 7.7.6...

CVE-2026-27043 WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a before 7.7.6...

WordPress Photography theme < 7.7.6 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Phat RiO in WordPress Theme Photography versions 7.7.6...

CVE-2026-32436 WordPress VW Photography theme <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a through = 1.3.8...

CVE-2026-32436

CVE-2026-32436 concerns the WordPress VW Photography theme (vw-photography) up to version 1.3.8, where a Missing Authorization vulnerability constitutes a Broken Access Control issue due to incorrectly configured security levels. The affected product is the VW Photography theme for WordPress; the...

CVE-2026-27348

CVE-2026-27348 affects ThemeGoods Photography (WordPress theme). The issue is an improper neutralization of input during web page generation, enabling DOM-based XSS. Affected: Photography theme versions before 7.7.6 (per CVE entry; related sources reference Photography ≤ 7.6.x/7.7.6). Impact is D...

CVE-2026-27348 WordPress Photography theme < 7.7.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Photography photography allows DOM-Based XSS.This issue affects Photography: from n/a through 7.7.6...

WordPress Photography theme <= 7.6.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Photography versions = 7.6.1...

CVE-2025-69368

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through = 3.0.3...

CVE-2025-69367

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through = 4.4.3...

CVE-2025-69367

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through = 4.4.3...

CVE-2025-69367

CVE-2025-69367 affects the GT3themes Oyster - Photography WordPress Theme and is described as an improper input neutralization leading to a DOM-based XSS vulnerability in oyster. Affected versions: Oyster Theme from n/a through

CVE-2025-69368

CVE-2025-69368 is a DOM-based XSS in GT3themes SOHO – Photography WordPress Theme (soho) up to version 3.0.3, caused by improper input neutralization during web page generation. Public sources (NVD/Red Hat/CVE listing) describe the vulnerability as cross-site scripting with DOM-based execution an...

CVE-2025-69368 WordPress SOHO - Photography WordPress Theme theme <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through = 3.0.3...

CVE-2025-69367 WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through = 4.4.3...

CVE-2025-69367 WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through = 4.4.3...

PT-2026-21149

Name of the Vulnerable Software and Affected Versions GT3themes Oyster - Photography WordPress Theme versions through 4.4.3 Description The GT3themes Oyster - Photography WordPress Theme contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-si...

PT-2026-21150

Name of the Vulnerable Software and Affected Versions GT3themes SOHO - Photography WordPress Theme versions through 3.0.3 Description The GT3themes SOHO - Photography WordPress Theme contains a flaw related to improper input handling during web page generation, leading to a DOM-Based Cross-site...