512 matches found
CVE-2026-57797
CVE-2026-57797 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress EduMall theme (ThemeMove EduMall) up to version 4.5.1. The NVD/CVE records and Patchstack entry indicate that access control levels were incorrectly configured, allowing unauthorized access to ...
CVE-2026-57789
Technical details about CVE-2026-57789 are not publicly available in the provided documents; please monitor for updates.
CVE-2026-57728
CVE-2026-57728 affects the WordPress Flatsome theme (UX-themes) versions up to and including 3.20.5. It is a Reflected Cross-Site Scripting vulnerability caused by improper neutralization of input during web page generation. The CVSSv3.1 base score is 7.1 (HIGH) with Network attack vector, no pri...
WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion
Campress theme for WordPress up to 1.35 contains a local file inclusion caused by 'campresswoocommercegetajaxproducts' function, letting unauthenticated attackers include and execute arbitrary PHP files, exploit requires no authentication. id: CVE-2024-10763 info: name: WordPress Campress Theme =...
CVE-2026-54827
CVE-2026-54827 : Unauthenticated SQL Injection affecting WordPress Real Estate 7 theme versions ≤ 3.5.9. The vulnerability arises in the Real Estate 7 component and is exploitable without authentication, with a CVSS v3.1 base score of 9.3 (CRITICAL), indicating potential data exposure and confide...
WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...
CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in EcoBlue = 1.15 versions...
CVE-2026-40750
CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...
CVE-2024-58349
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them...
WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Choreo versions = 1.6...
WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions = 3.17...
CVE-2026-39642 WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...
WordPress CopyPress theme <= 1.4.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CopyPress versions = 1.4.5...
CVE-2026-6812
The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...
VulnCheck KEV: CVE-2024-13421
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...
WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Online Store versions = 0.8.9...
WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Ecommerce Zone versions = 0.9.7...
EUVD-2024-47052
The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-39635 WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery.This issue affects Grand Magazine: from n/a through = 3.5.5...
CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...