Lucene search
K

512 matches found

CVE
CVE
added yesterday15 views

CVE-2026-57797

CVE-2026-57797 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress EduMall theme (ThemeMove EduMall) up to version 4.5.1. The NVD/CVE records and Patchstack entry indicate that access control levels were incorrectly configured, allowing unauthorized access to ...

4.3CVSS6.1AI score0.00329EPSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-57789

Technical details about CVE-2026-57789 are not publicly available in the provided documents; please monitor for updates.

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
CVE
CVE
added yesterday21 views

CVE-2026-57728

CVE-2026-57728 affects the WordPress Flatsome theme (UX-themes) versions up to and including 3.20.5. It is a Reflected Cross-Site Scripting vulnerability caused by improper neutralization of input during web page generation. The CVSSv3.1 base score is 7.1 (HIGH) with Network attack vector, no pri...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday8 views

WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion

Campress theme for WordPress up to 1.35 contains a local file inclusion caused by 'campresswoocommercegetajaxproducts' function, letting unauthenticated attackers include and execute arbitrary PHP files, exploit requires no authentication. id: CVE-2024-10763 info: name: WordPress Campress Theme =...

9.8CVSS7.3AI score0.03593EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2026-54827

CVE-2026-54827 : Unauthenticated SQL Injection affecting WordPress Real Estate 7 theme versions ≤ 3.5.9. The vulnerability arises in the Real Estate 7 component and is exploitable without authentication, with a CVSS v3.1 base score of 9.3 (CRITICAL), indicating potential data exposure and confide...

9.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 12:30 p.m.7 views

WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...

6.5CVSS5.8AI score0.00127EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.31 views

CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...

8.1CVSS0.00338EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 10:39 a.m.26 views

CVE-2026-40750

CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...

9.9CVSS5.3AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 2:16 a.m.13 views

CVE-2024-58349

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them...

9.8CVSS0.00674EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/27 1:45 p.m.12 views

WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Choreo versions = 1.6...

8.1CVSS5.8AI score0.00435EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/05/27 1:45 p.m.10 views

WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions = 3.17...

8.1CVSS5.8AI score0.00435EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 7:51 a.m.10 views

CVE-2026-39642 WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.8AI score0.00255EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 5:47 a.m.16 views

WordPress CopyPress theme <= 1.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CopyPress versions = 1.4.5...

5.8AI score0.00348EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-6812

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

4.4CVSS5.9AI score0.0025EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.14 views

VulnCheck KEV: CVE-2024-13421

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...

9.8CVSS7.4AI score0.00747EPSS
In wildExploits0References2
Patchstack
Patchstack
added 2026/04/20 10:34 a.m.12 views

WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Online Store versions = 0.8.9...

5.8AI score0.00273EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:33 a.m.11 views

WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Ecommerce Zone versions = 0.9.7...

5.8AI score0.00434EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/08 9:32 p.m.5 views

EUVD-2024-47052

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6.1AI score0.00332EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39635 WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through = 3.5.5...

5.4CVSS5.9AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.24 views

CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

5.3CVSS0.0026EPSS
Exploits0References1
Rows per page
Query Builder