527 matches found
EUVD-2026-37600
Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...
CVE-2026-40748
Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...
CVE-2026-40748 WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability
Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...
CVE-2026-40748
CVE-2026-40748 affects the WordPress Kids Gift Shop theme (versions ≤ 0.5.4). The vulnerability is described as an Arbitrary File Upload in the Subscriber context. Public details in connected sources indicate a very high severity CVSS v3.1 score (9.9, CRITICAL) with network access, low attack com...
CVE-2026-40750
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...
CVE-2026-40750 WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...
EUVD-2026-37065
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...
CVE-2026-40750
CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...
A week in security (June 8 – June 14)
Last week on Malwarebytes Labs: Stolen iPhones could soon be worth a lot less to thieves Fake verification pages are stealing Steam accounts from players Google can be liable for false AI Overviews, court rules VRChat says reported data breach never happened Children’s phones must block nude imag...
Roblox clamps down on chats and age checks as legal pressure builds
Roblox has long faced criticism over child safety on its platform. Now it has started settling with state attorneys over the issue, and the total is climbing fast. On April 21, Alabama Attorney General Steve Marshall announced a $12.2 million settlement with the child-focused online gaming...
WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Online Store versions = 0.8.9...
WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Gift Shop versions = 0.5.4...
@kids-reporter/cms-core (>=1.0.17 <=1.0.36), @kids-reporter/draft-editor (>=1.0.19 <=1.0.36) potentially affected by CVE-2025-46720 +1 more via @keystone-6/core (=6.5.1)
@keystone-6/core NPM version =6.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on @keystone-6/core and may be impacted: - @kids-reporter/cms-core =1.0.17, =1.0.19, =1.0.36 Source cves: CVE-2025-46720, CVE-2026-33326 Source advisory:...
CVE-2025-67619
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...
CVE-2025-67619
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...
CVE-2025-67619 WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...
CVE-2025-67619
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...
CVE-2025-67619 WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection.This issue affects Kids Heaven: from n/a through = 3.2...
CVE-2025-67619
CVE-2025-67619 describes a PHP object-injection via deserialization in the WordPress Kids Heaven theme (Kids Heaven: kids-world) for versions up to and including 3.2. Root cause: deserialization of untrusted data leading to object injection. Impact: high (per CVSS) across confidentiality, integri...
WordPress plugin Kids Heaven: Code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...