2168 matches found
CVE-2026-57804
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CodexThemes TheGem Theme Elements for Elementor thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements for Elementor: from n/a through...
CVE-2026-57405
Missing Authorization vulnerability in themehunk Open Shop open-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Shop: from n/a through = 1.7.1...
CVE-2026-57738
Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...
CVE-2026-57368
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme Jobmonster noo-jobmonster allows Reflected XSS.This issue affects Jobmonster: from n/a through = 4.8.5...
Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...
mTheme Unus < 2.3 - Directory Traversal
The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...
WordPress Jannah Theme <5.4.5 - Cross-Site Scripting
WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...
CVE-2026-12685
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator emai...
WordPress 777 theme <= 1.13.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Theme 777 versions = 1.13.0...
WordPress Open Shop theme <= 1.7.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HaiND in WordPress Theme Open Shop versions = 1.7.1...
WordPress Flatsome theme <= 3.20.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Theme Flatsome versions = 3.20.5...
WordPress Nuss theme <= 1.3.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nuss versions = 1.3.6...
CVE-2026-57685
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
CVE-2025-69156
Unauthenticated Cross Site Scripting XSS in Kids Zone - Children WordPress Theme = 5.4 versions...
CVE-2025-69155
Unauthenticated Cross Site Scripting XSS in Fitness Zone WordPress Theme = 5.7 versions...
CVE-2025-69154
Unauthenticated Cross Site Scripting XSS in SpaLab | Beauty Salon WordPress Theme = 6.7 versions...
CVE-2026-57685 WordPress Martfury - WooCommerce Marketplace WordPress theme theme <= 3.2.8 - Broken Access Control vulnerability
Subscriber Broken Access Control in Martfury - WooCommerce Marketplace WordPress Theme = 3.2.8 versions...
CVE-2026-27426
CVE-2026-27426 affects the WordPress Automotive Car Dealership Business theme
CVE-2026-27412
Affected software: WordPress Pearl – Corporate Business theme (versions <= 3.4.10). Vulnerability: Local File Inclusion (LFI) that is unauthenticated. Root cause/tech details: Unauthenticated LFI present in Pearl – Corporate Business
CVE-2026-27408
CVE-2026-27408 affects WordPress NativeChurch theme versions