17 matches found
CVE-2026-39635 WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery. This issue affects Grand Magazine: from n/a through <= 3.5.5...
CVE-2026-24615 WordPress Cream Magazine theme <= 2.1.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cream Magazine: from n/a through <= 2.1.10...
CVE-2026-24615
CVE-2026-24615 affects Cream Magazine (WordPress theme) up to version 2.1.10. Public docs describe a Missing Authorization vulnerability in cream-magazine that allows exploitation of improperly configured access controls. The Red Hat/RedHat-CVE and CVE databases confirm the issue and indicate the...
CVE-2025-69320 WordPress Grand Magazine theme <= 3.5.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Magazine grandmagazine allows Reflected XSS. This issue affects Grand Magazine: from n/a through <= 3.5.7...
CVE-2025-69320
CVE-2025-69320: WordPress Grand Magazine theme (Grand Magazine)
WordPress Cream Magazine theme <= 2.1.10 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by John P in WordPress Theme Cream Magazine versions <= 2.1.10...
CVE-2025-53248 WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in unfoldwp Magazine eximious-magazine allows PHP Local File Inclusion. This issue affects Magazine: from n/a through <= 1.2.2...
WordPress Magazine Saga Theme <= 1.2.7 is vulnerable to Local File Inclusion
Software: Magazine Saga; Type: Theme; Vulnerable versions: <= 1.2.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53227; Patch priority: High; CVSS severity: High (8.1); PSID: 9df23c335ced; Credits: Le Ngoc Anh; Required privilege: Unauthenticate...
WordPress Magazine Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software: Magazine; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53248; Patch priority: High; CVSS severity: High (8.1); PSID: c0ab4f8e53f9; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Katerio - Magazine theme <= 1.5.1 - Local File Inclusion Vulnerability
WordPress Katerio - Magazine theme <= 1.5.1 - Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh in WordPress Theme Katerio - Magazine versions <= 1.5.1...
CVE-2024-13770
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input in the 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-4824
The WooHoo Newspaper Magazine theme does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress Plugin WooHoo Newspaper Magazine theme Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML page with the following HTML: document.forms0.submit; See that the plugin's "Header Options Toolbar...
WordPress Delicious Magazine Theme - Remote Code Execution
There is a bug in this theme that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution: Update the theme...