WordPress Roam theme <= 2.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Roam versions = 2.1...

CVE-2026-22407

CVE-2026-22407 describes an IDOR-style Authorization Bypass in Mikado-Themes Roam (Roam) WordPress theme. Affected: Roam versions up to 2.1.1. Root cause: access control levels misconfigured, with a user-controlled key allowing bypass to restricted resources. Impact: authorisation bypass could ex...

CVE-2026-22407 WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through = 2.1.1...

WordPress Roam theme <= 2.1.1 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Roam versions = 2.1.1...