CVE-2026-28075

The CVE-2026-28075 entry concerns the WordPress Porto theme (Porto Porto) with a Reflected XSS vulnerability in Porto versions up to 7.6.2. The issue is described as Improper Neutralization of Input During Web Page Generation, enabling reflected cross-site scripting. Affected product: Porto theme...

CVE-2026-28075 WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through = 7.6.2...

WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Porto versions = 7.6.2...

WordPress Porto Theme - Functionality plugin <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta vulnerability

WordPress Porto Theme - Functionality plugin = 3.0.9 - Authenticated Contributor+ Local File Inclusion via Post Meta vulnerability discovered by István Márton - Wordfence in WordPress Plugin Porto Theme - Functionality versions = 3.0.9...

CVE-2025-63066 WordPress Porto Theme - Functionality plugin < 3.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through 3.7.3...

CVE-2023-48739 WordPress Porto Theme Functionality plugin < 2.12.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through 2.12.1...

WordPress Porto plugin <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts vulnerability

Unauthenticated Local File Inclusion via portoajaxposts vulnerability discovered by István Márton in WordPress Theme Porto versions = 7.1.0...

WordPress Porto theme <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta vulnerability

Authenticated Contributor+ Local File Inclusion via Post Meta vulnerability discovered by István Márton in WordPress Theme Porto versions = 7.1.0...

WordPress Porto Theme <= 7.1.0 is vulnerable to Local File Inclusion

Software Porto Type Theme Vulnerable versions = 7.1.0 Fixed in 7.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3806 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 98785fd04b6f Credits István Márton Required privilege Unauthenticated...

WordPress Porto Theme <= 7.1.0 is vulnerable to Local File Inclusion

Software Porto Type Theme Vulnerable versions = 7.1.0 Fixed in 7.1.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2024-3807 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 38a52e0d2a37 Credits István Márton Required privilege Contributor Published...

WordPress Theme Porto SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...