2135 matches found

Nuclei, added yesterday, 104 views

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...

6.1 CVSS, 6.3 AI score, 0.02697 EPSS
Exploits 2, References 4
Nuclei, added yesterday, 15 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5 CVSS, 7.3 AI score, 0.55008 EPSS
Exploits 1, References 4
Nuclei, added yesterday, 35 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior to updating their details like password. This makes it...

9.8 CVSS, 7.6 AI score, 0.02163 EPSS
Exploits 0, References 4
EUVD, added 6 days ago, 7 views

EUVD-2025-210254

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions...

8.1 CVSS, 5.1 AI score, 0.00348 EPSS
Exploits 0, References 2
EUVD, added 6 days ago, 9 views

EUVD-2025-210259

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8 CVSS, 5.3 AI score, 0.00482 EPSS
Exploits 0, References 2
NVD, added 6 days ago, 7 views

CVE-2025-69130

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8 CVSS, 0.00482 EPSS
Exploits 0, References 1
NVD, added 6 days ago, 5 views

CVE-2025-69115

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions...

8.1 CVSS, 0.00348 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 25 views

CVE-2025-69128 WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...

8.6 CVSS, 0.0046 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 27 views

CVE-2025-69115 WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme <= 1.2.2 versions...

8.1 CVSS, 0.00348 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 29 views

CVE-2024-34810 WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

4.3 CVSS, 0.00117 EPSS
Exploits 0, References 1
CVE, added 6 days ago, 8 views

CVE-2026-42380

CVE-2026-42380 covers the WordPress AI Lab theme prior to version 5.4.2, which is vulnerable to unauthenticated PHP Object Injection. The Patchstack entry and CVE records indicate the vulnerability is fixed in 5.4.2. Impact is high (remote, unauthenticated) per the CVSS vector: Network, None priv...

9.8 CVSS, 5.3 AI score, 0.0051 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 26 views

CVE-2026-40749 WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions...

9.9 CVSS, 0.00434 EPSS
Exploits 0, References 1
CVE, added 6 days ago, 10 views

CVE-2026-40749

The CVE covers the WordPress Charity Zone theme (versions <= 1.1.1) with a Subscriber Arbitrary File Upload vulnerability. The underlying issue enables arbitrary files to be uploaded due to insecure handling in Charity Zone

9.9 CVSS, 5.2 AI score, 0.00434 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 25 views

CVE-2026-40748 WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions...

9.9 CVSS, 0.00434 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 25 views

CVE-2026-40731 WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions...

8.1 CVSS, 0.00423 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 25 views

CVE-2026-40723 WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions...

4.3 CVSS, 0.00243 EPSS
Exploits 0, References 1
Cvelist, added 6 days ago, 26 views

CVE-2025-69110 WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions...

8.1 CVSS, 0.00435 EPSS
Exploits 0, References 1
CVE, added 6 days ago, 11 views

CVE-2024-49269

CVE-2024-49269 affects the WordPress theme my flatonica <= 0.0.8, with unauthenticated reflected XSS. Affected versions are

7.1 CVSS, 5.1 AI score, 0.00241 EPSS
Exploits 0, References 1
Cvelist, added last week, 18 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions...

8.1 CVSS, 0.0032 EPSS
Exploits 0, References 1
Cvelist, added last week, 21 views

CVE-2026-40754 WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin <= 1.4 versions...

8.1 CVSS, 0.0032 EPSS
Exploits 0, References 1