WordPress Jannah Theme <5.4.4 - Cross-Site Scripting

WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page. id: CVE-2021-24364 info: name: WordPress Jannah Theme 5.4.4 - Cross-Sit...

CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.4...

CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.4...

WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions = 7.6.3...

CVE-2025-64206

CVE-2025-64206 describes a deserialization of untrusted data vulnerability in the WordPress/Jannah theme, enabling PHP Object Injection in Jannah versions up to and including 7.6.0. The issue is triggered via deserialized data handling in Jannah and is rated with a CVSS v3.1 base score of 9.8 (CR...

CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

CVE-2025-64206 WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

CVE-2025-64206 WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through = 7.6.0...

CVE-2025-64205 WordPress Jannah theme <= 7.6.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.0...

CVE-2025-64207

CVE-2025-64207 concerns TieLabs Jannah WordPress theme (versions

CVE-2025-64205 WordPress Jannah theme <= 7.6.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.0...

CVE-2025-64207 WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through = 7.6.0...

WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions = 7.6.0...

WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions = 7.6.0...

CVE-2025-53334 WordPress Jannah Theme < 7.5.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through 7.5.1...

CVE-2025-53334 WordPress Jannah Theme < 7.5.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through 7.5.1...

CVE-2025-53334

CVE-2025-53334 is a Local File Inclusion vulnerability in the WordPress Jannah theme (

WordPress Jannah Theme < 7.5.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions 7.5.1...

WordPress Jannah Theme <= 7.4.1 is vulnerable to Local File Inclusion

Software Jannah Type Theme Vulnerable versions = 7.4.1 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Local File Inclusion CVE CVE-2025-53334 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 923d1ba1de1e Credits Ananda Dhakal Patchstack Required...

CVE-2021-24407

The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action, leading to a Reflected Cross-site Scripting XSS vulnerability...