CVE-2026-22373 WordPress Fooddy theme <= 1.3.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Fooddy fooddy allows PHP Local File Inclusion.This issue affects Fooddy: from n/a through = 1.3.10...

CVE-2026-22371 WordPress Gustavo theme <= 1.2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affects Gustavo: from n/a through = 1.2.2...

CVE-2026-22371 WordPress Gustavo theme <= 1.2.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affects Gustavo: from n/a through = 1.2.2...

CVE-2026-22363

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rhodos: from n/a through = 1.3.3...

CVE-2026-22364 WordPress SevenTrees theme <=1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through =1.0.2...

CVE-2026-22362

CVE-2026-22362 affects the WordPress Photolia theme ( Photolia &lt;= 1.0.3 ). The issue is a PHP Local File Inclusion caused by improper control of filenames in include/require statements. This enables reading local files. The vulnerability is rated as HIGH (CVSS 3.1: 8.1) with network attack vec...

CVE-2026-22354

Summary of CVE-2026-22354 (WordPress WooCommerce Banner Management plugin &lt;= 2.5.1): The issue is a PHP object injection due to deserialization of untrusted data in the Banner Management for WooCommerce component. Affected product/version: Banner Management, Product Slider & Carousel for WooCo...

CVE-2026-22356

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...

CVE-2026-22356 WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...

CVE-2026-22361 WordPress A-Mart theme <= 1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-Mart: from n/a through = 1.0.2...

CVE-2026-22354 WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through = 2.5.1...

CVE-2026-22346

CVE-2026-22346 refers to a deserialization of untrusted data (PHP Object Injection) in the WordPress plugin Slider Responsive Slideshow – Image slider, Gallery slideshow (versions up to and including 1.5.4). Multiple sources confirm the vulnerability and its impact, with Red Hat, NVD, CVE lists, ...

CVE-2026-22345

CVE-2026-22345 stems from a deserialization/ object-injection flaw in the WordPress plugin family Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery (component: new-image-gallery). The Red Hat/NVD entries and PatchStack corroborate that versions up to and including 1.6.0 ...

CVE-2025-69407 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

CVE-2025-69407

CVE-2025-69407 affects WordPress Struktur theme &lt;= 2.5.1. The issue is Local File Inclusion due to Improper Control of Filename for Include/Require in PHP, enabling potential PHP Local File Inclusion. Affected product/feature: Struktur theme (WordPress). Root cause: improper filename handling ...

CVE-2025-69408 WordPress HealthFirst theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirst: from n/a through = 1.0.1...

CVE-2025-69409 WordPress PJ | Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ | Life & Business Coaching: from n/a through = 3.0.0...

CVE-2025-69409 WordPress PJ | Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ | Life & Business Coaching: from n/a through = 3.0.0...

CVE-2025-69400 WordPress Yokoo theme <= 1.1.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: from n/a through = 1.1.11...

CVE-2025-69402

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX R rf allows PHP Local File Inclusion.This issue affects R: from n/a through = 1.5...