CVE-2026-22449 WordPress Don Peppe theme <= 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Don Peppe donpeppe allows PHP Local File Inclusion.This issue affects Don Peppe: from n/a through = 1.3...

CVE-2026-22406

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through = 1.3...

PT-2026-4138

Name of the Vulnerable Software and Affected Versions Edge-Themes Overworld versions through 1.3 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...

CVE-2025-23568

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fredsted WP Login Attempt Log wp-login-attempt-log allows Reflected XSS.This issue affects WP Login Attempt Log: from n/a through = 1.3...

CVE-2025-49428

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dourou Cookie Warning allows Stored XSS. This issue affects Cookie Warning: from n/a through 1.3...

CVE-2025-49426 WordPress Kitring Theme <= 2.8 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dahz Kitring kitring allows PHP Local File Inclusion.This issue affects Kitring: from n/a through = 2.8...

CVE-2025-22655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Caio Web Dev CWD – Stealth Links cwd-stealth-links allows SQL Injection.This issue affects CWD – Stealth Links: from n/a through = 1.3...