Lucene search
K

2168 matches found

CVE
CVE
added 2 hours ago11 views

CVE-2026-57804

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago3 views

CVE-2026-57405

Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago7 views

CVE-2026-57738

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 2 hours ago1 views

CVE-2026-57368

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.8.5...

7.1CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added yesterday59 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS7.2AI score0.02145EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday27 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5CVSS7.1AI score0.55008EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday131 views

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.4AI score0.02697EPSS
Exploits2References4
NVD
NVD
added 3 days ago8 views

CVE-2026-12685

The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...

7.5CVSS0.00222EPSS
Exploits0References1
Patchstack
Patchstack
added 4 days ago3 views

WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme 777 versions = 1.13.0...

9.8CVSS6.1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago6 views

WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...

7.1CVSS6.1AI score
Exploits0Affected Software1
Patchstack
Patchstack
added last week3 views

WordPress Flatsome theme <= 3.20.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Theme Flatsome versions = 3.20.5...

7.1CVSS5.9AI score
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 3:17 p.m.4 views

WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nuss versions = 1.3.6...

7.5CVSS5.9AI score
Exploits0Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57685

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...

4.3CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69156

Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.5 views

CVE-2025-69155

Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 p.m.6 views

CVE-2025-69154

Unauthenticated Cross Site Scripting XSS in SpaLab | Beauty Salon WordPress Theme = 6.7 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57685 WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability

Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...

4.3CVSS0.00254EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.17 views

CVE-2026-27426

CVE-2026-27426 affects the WordPress Automotive Car Dealership Business theme

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.10 views

CVE-2026-27412

Affected software: WordPress Pearl – Corporate Business theme (versions &lt;= 3.4.10). Vulnerability: Local File Inclusion (LFI) that is unauthenticated. Root cause/tech details: Unauthenticated LFI present in Pearl – Corporate Business

8.1CVSS5.8AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.14 views

CVE-2026-27408

CVE-2026-27408 affects WordPress NativeChurch theme versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Rows per page
Query Builder