Lucene search
K

2172 matches found

CVE
CVE
added yesterday13 views

CVE-2026-57804

CVE-2026-57804 describes an PHP Local File Inclusion in CodexThemes TheGem Theme Elements (for Elementor), specifically TheGem Theme Elements for Elementor up to version 5.11.1. The issue arises from improper control of the filename used in include/require statements, enabling an attacker with au...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57795 WordPress Kitchor theme <= 1.4.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themelexus Kitchor kitchor allows PHP Local File Inclusion.This issue affects Kitchor: from n/a through = 1.4.3...

7.5CVSS0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57796 WordPress Leedo theme <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through = 3.0.0...

7.5CVSS0.00496EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57738

CVE-2026-57738 affects WordPress Theme 777 (axiomthemes) up to version 1.13.0. The issue is a PHP object‑injection via deserialization of untrusted data in the 777 plugin/theme, enabling arbitrary object injection with high impact (CVSS 3.1: 9.8, Network attack, no user interaction). Connected so...

9.8CVSS6.1AI score0.00564EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57405

CVE-2026-57405 affects WordPress Open Shop theme (versions up to and including 1.7.1). The root cause is Missing Authorization due to incorrectly configured access control levels, classified as a Broken Access Control vulnerability. CVSS3.1 metrics indicate a HIGH base score of 7.1 (AV:N/AC:L/PR:...

7.1CVSS6.1AI score0.00321EPSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-57368

CVE-2026-57368 concerns the NooTheme Jobmonster WordPress theme (noo-jobmonster) with a reflected Cross-Site Scripting (XSS) vulnerability described as caused by improper neutralization of input during web page generation. Affected version range is Jobmonster up to and including 4.8.5. The vulner...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-57368 WordPress Jobmonster theme <= 4.8.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.8.5...

7.1CVSS0.00251EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday27 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5CVSS7.1AI score0.55008EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday59 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS7.2AI score0.02145EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday131 views

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.4AI score0.02697EPSS
Exploits2References4
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-6801 Context Blog <= 1.3.5 - Unauthenticated Sensitive Information Exposure via 'postID' Parameter

The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the contextblogmodalpopup. This makes it possible for unauthenticated attackers to extract the content of password-protected posts...

5.3CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS0.00222EPSS
Exploits0References1
Patchstack
Patchstack
added 5 days ago4 views

WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme 777 versions = 1.13.0...

9.8CVSS6.1AI score0.00564EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 6 days ago8 views

WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...

7.1CVSS6.1AI score0.00321EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:18 p.m.4 views

WordPress Flatsome theme <= 3.20.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Theme Flatsome versions = 3.20.5...

7.1CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 3:17 p.m.5 views

WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nuss versions = 1.3.6...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57685

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...

4.3CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69156

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69155

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.6 views

CVE-2025-69154

Unauthenticated Cross Site Scripting XSS in SpaLab | Beauty Salon WordPress Theme = 6.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Rows per page
Query Builder