4 matches found
CVE-2026-28025
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Stargaze stargaze allows PHP Local File Inclusion.This issue affects Stargaze: from n/a through = 1.5...
WordPress Ironfit theme <= 1.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Ironfit versions = 1.5...
CVE-2025-68977
CVE-2025-68977 affects DesignThemes Portfolio Addon (designthemes-portfolio-addon) with a Stored Cross-Site Scripting vulnerability in versions up to 1.5. The Wordfence entry confirms an authenticated (Contributor+) context for exploitation, indicating the issue requires user credentials to trigg...
CVE-2023-2561
The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the galleryremove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with th...