57 matches found
CVE-2026-40756 WordPress Zoya theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Zoya = 1.4 versions...
CVE-2026-40759 WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Esmée = 1.4 versions...
WordPress jQuery Hover Footnotes plugin <= 1.4 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by nishida azuka in WordPress Plugin jQuery Hover Footnotes versions = 1.4...
CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...
WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Roisin versions = 1.4...
CVE-2026-24972
Missing Authorization vulnerability in Elated-Themes Elated Listing eltd-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elated Listing: from n/a through = 1.4...
PT-2026-27865
Name of the Vulnerable Software and Affected Versions Elated Listing versions n/a through 1.4 Description A missing authorization flaw exists in Elated-Themes Elated Listing eltd-listing. This issue stems from incorrectly configured access control security levels, potentially allowing unauthorize...
PT-2026-28021
Name of the Vulnerable Software and Affected Versions Elated-Themes Leroux versions prior to 1.4 Description An issue exists in Elated-Themes Leroux that allows for object injection due to the deserialization of untrusted data. This impacts the software's ability to securely handle data input...
WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rosebud versions = 1.4...
WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gioia versions = 1.4...
CVE-2026-22451
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4.7...
WordPress FixTeam theme <= 1.5.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme FixTeam versions = 1.5.0...
CVE-2025-69306
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core: from n/a through = 1.4...
WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin WPBITS Addons For Elementor Page Builder versions = 1.4...
CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2026-24631
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through = 1.4...
CVE-2026-24631 WordPress Rosebud theme <= 1.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through = 1.4...
WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Brookside versions = 1.4...
CVE-2025-27004 WordPress Famous - Responsive Image And Video Grid Gallery WordPress Plugin plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Famous - Responsive Image And Video Grid Gallery WordPress Plugin famousgridimageandvideogallery allows Reflected XSS.This issue affects Famous - Responsive Image And Video Grid Galler...
CVE-2025-28949 WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...