55 matches found
WordPress jQuery googleslides plugin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin jQuery googleslides versions <= 1.3...
CVE-2026-6400
The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...
CVE-2026-3998
The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the jqmath shortcode in all versions up to and including 1.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...
CVE-2026-27096
Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3...
CVE-2026-27096 WordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection. This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3...
CVE-2026-27096
CVE-2026-27096 : Deserialization of Untrusted Data vulnerability in the BuddhaThemes ColorFolio - Freelance Designer WordPress Theme (ColorFolio) up to version 1.3, enabling Object Injection. The issue is described across multiple sources (NVD/Red Hat ENISA/CIRCL, CVE list, PatchStack) with a CVS...
CVE-2026-22449
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Don Peppe donpeppe allows PHP Local File Inclusion. This issue affects Don Peppe: from n/a through <= 1.3...
CVE-2026-28027
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kayon kayon allows PHP Local File Inclusion. This issue affects Kayon: from n/a through <= 1.3...
CVE-2025-69411
CVE-2025-69411 pertains to the ionCube tester plus WordPress plugin (ioncube-tester-plus) and is an unauthenticated arbitrary file download via path traversal. The Nuclei template confirms Local File Inclusion/Arbitrary File Read via the loader-wizard.php parameter 'ininame' in ...
PT-2026-23309
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kayon kayon allows PHP Local File Inclusion. This issue affects Kayon: from n/a through <= 1.3...
CVE-2026-22383
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a...
CVE-2025-68542
Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout Gateway for IRIS: from n/a through <= 1.3...
CVE-2025-69385
CVE-2025-69385 : Missing Authorization vulnerability in Cartify (WordPress Theme) allows exploitation of misconfigured access control. Affected: Cartify – WooCommerce Gutenberg WordPress Theme, versions n/a through 1.3. Public details in connected sources describe an Arbitrary Content Deletion im...
CVE-2025-69385 WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through <= 1.3...
CVE-2025-69295 WordPress Coven Core plugin <= 1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection. This issue affects Coven Core: from n/a through <= 1.3...
PT-2026-21213
Name of the Vulnerable Software and Affected Versions: axiomthemes Marveland versions through 1.3.0. Description: The software contains an Improper Control of Filename for Include/Require Statement issue, specifically a PHP Local File Inclusion. This allows for the inclusion of local files...
WordPress Checkout Gateway for IRIS plugin <= 1.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Checkout Gateway for IRIS versions <= 1.3...
CVE-2026-22406
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Overton: from n/a through <= 1.3...
CVE-2026-22382
Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3...
CVE-2025-68008
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS. This issue affects WP Mail: from n/a through <= 1.3...