CVE-2026-23973

CVE-2026-23973 affects uxper Golo WordPress theme versions prior to 1.7.5. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Several connected sources corroborate the vulnerability in Golo

CVE-2026-23975

CVE-2026-23975 is a WordPress Golo theme vulnerability (Golo

CVE-2026-23974 WordPress Golo theme < 1.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through 1.7.5...

PT-2026-4246

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through 1.7.5...

PT-2026-4737

Summary The latest versions of both 4.x and 5.x are using Axios versions 1.7.5 and as such are subject to known vulnerabilities as per: https://security.snyk.io/package/npm/axios Details We've had this flagged up in a pen test, which indicates the issue stems from this script: /freeform/plugin.js...

EUVD-2025-35438

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection.This issue affects Learts Addons: from n/a through 1.7.5...

CVE-2025-59557

CVE-2025-59557 concerns a SQL injection in the WordPress plugin Learts Addons (versions prior to 1.7.5). The root cause is improper neutralization of special elements used in SQL commands in the learts-addons component, enabling potential SQL injection attacks. Affected product: WordPress plugin ...

WordPress Opal Estate Pro 1.7.5 Privilege Escalation

WordPress Opal Estate Pro plugin versions 1.7.5 and below suffers from a privilege escalation vulnerability...