CVE-2026-22475
CVE-2026-22475 describes a deserialization of untrusted data vulnerability in the WordPress theme Estate (vulnerable from n/a to 1.3.4). The root cause is unauthenticated PHP Object Injection due to deserializing untrusted input, enabling potential manipulation of objects within Estate. The CVSSv...
CVE-2026-22475 WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection. This issue affects Estate: from n/a through <= 1.3.4...
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection. This issue affects Pets Club: from n/a through <= 2.3...
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection. This issue affects Solaris: from n/a through <= 2.5...
CVE-2026-22456
CVE-2026-22456 affects the WordPress theme Askka (Elated-Themes) up to version 1.0, enabling Local File Inclusion due to improper control of filenames for include/require in PHP. Impact is untrusted local file access under unauthenticated conditions; no patch is provided in the connected document...
CVE-2026-22453
CVE-2026-22453 is a deserialization-based PHP Object Injection vulnerability in the ThemeREX Pets Club WordPress theme (Pets Club) affecting versions up to 2.3. The issue arises from deserializing untrusted data, enabling object injection. The vulnerability is rated critical (CVSS 3.1 9.8) with n...
CVE-2026-22451
CVE-2026-22451: WordPress Handyman theme Handyman (handyman-services) is affected by a Deserialization of Untrusted Data vulnerability enabling PHP Object Injection. The vulnerability affects Handyman versions up to 1.4.7 and is described as unauthenticated, with a CVSS v3.1 base score of 9.8 (CR...
CVE-2026-22446
CVE-2026-22446 affects WordPress theme Prowess (Select-Themes) up to version 1.8.1. Root cause: improper control of filename for include/require in PHP, enabling PHP Local File Inclusion. Impact: high-severity risk (LFI) per sources. Remediation: upgrade to a version later than 1.8.1 (vendor guid...
CVE-2026-22449 WordPress Don Peppe theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Don Peppe donpeppe allows PHP Local File Inclusion. This issue affects Don Peppe: from n/a through <= 1.3...
CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection. This issue affects Handyman: from n/a through <= 1.4.7...
CVE-2026-22441 WordPress Zentrum theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Zentrum zentrum allows PHP Local File Inclusion. This issue affects Zentrum: from n/a through <= 1.0...
CVE-2026-22436
CVE-2026-22436 describes an unauthenticated Local File Inclusion in the WordPress theme Helvig by Elated-Themes, affecting Helvig versions up to 1.0. The flaw arises from improper control of the filename used in PHP include/require statements (PHP Local File Inclusion). Public sources identify th...
CVE-2026-22436 WordPress Helvig theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion. This issue affects Helvig: from n/a through <= 1.0...
CVE-2026-22433 WordPress CloudMe theme <= 1.2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CloudMe cloudme allows PHP Local File Inclusion. This issue affects CloudMe: from n/a through <= 1.2.2...
CVE-2026-22428 WordPress Tooth Fairy theme <= 1.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion. This issue affects Tooth Fairy: from n/a through <= 1.16...
CVE-2026-22425 WordPress Sweet Jane theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion. This issue affects Sweet Jane: from n/a through <= 1.2...
CVE-2026-22427 WordPress GoTravel theme <= 2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes GoTravel gotravel allows PHP Local File Inclusion. This issue affects GoTravel: from n/a through <= 2.1...
CVE-2026-22417
CVE-2026-22417 describes a deserialization of untrusted data vulnerability in the WordPress theme Grand Wedding (versions through 3.1.0). The issue enables unauthenticated PHP Object Injection via deserialization, with a CVSS v3.1 score of 9.8 (CRITICAL) and NETWORK attack vector, as reported by ...