WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Snow Club versions = 1.1...

CVE-2026-27437

CVE-2026-27437 is a PHP Object Injection vulnerability in the ThemeREX Tennis Club WordPress theme (tennis-sportclub), arising from deserialization of untrusted data that enables object injection. Public records in NVD, Red Hat, CVE listings, and PatchStack describe it as deserialization-based, a...

CVE-2026-27437 WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through = 1.2.3...

CVE-2026-27437 WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through = 1.2.3...

CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...

CVE-2026-22453

CVE-2026-22453 is a deserialization-based PHP Object Injection vulnerability in the ThemeREX Pets Club WordPress theme (Pets Club) affecting versions up to 2.3. The issue arises from deserializing untrusted data, enabling object injection. The vulnerability is rated critical (CVSS 3.1 9.8) with n...

CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...

WordPress N7 | Golf Club Sports & Events theme <= 2.16.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme N7 | Golf Club Sports & Events versions = 2.16.0...

WordPress Apollo | Night Club, DJ Event WordPress Theme theme <= 1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Apollo | Night Club, DJ Event WordPress Theme versions = 1.3.1...

WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tennis Club versions = 1.2.3...

CVE-2025-0515 Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update

The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmastershideadminnotice' function in all versions up to, and including,...

CVE-2025-0515 Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update

The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmastershideadminnotice' function in all versions up to, and including,...

CVE-2025-0515

CVE-2025-0515 : Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme is vulnerable due to a missing capability check in cmsmasters_hide_admin_notice. All versions up to and including 2.0.4 allow authenticated attackers with Subscriber-level access and above to modify option values ...

PT-2025-3932 · WordPress · The Buzz Club – Night Club

Name of the Vulnerable Software and Affected Versions: The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme versions up to, and including, 2.0.4 Description: The issue allows unauthorized modification of data, potentially leading to a denial of service. This is due to a missing...

WordPress Buzz Club Theme plugin <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Option Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Arbitrary Option Update vulnerability discovered by Lucio Sá in WordPress Theme Buzz Club versions = 2.0.4...

CVE-2022-0316

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from...

Design/Logic Flaw

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from...

PT-2023-12626 · WordPress · Club-Theme +9

Name of the Vulnerable Software and Affected Versions: WeStand WordPress theme versions prior to 2.1 footysquare WordPress theme aidreform WordPress theme statfort WordPress theme club-theme WordPress theme kingclub-theme WordPress theme spikes WordPress theme spikes-black WordPress theme...

WordPress club-theme Theme < 10 is vulnerable to Arbitrary File Upload

Software club-theme Type Theme Vulnerable versions 10 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Upload CVE CVE-2022-0316 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c1148e89d858 Credits Joshua Small Required privilege...