CVE-2025-69404 WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through = 1.5.10...

CVE-2025-69400

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: from n/a through = 1.1.11...

CVE-2025-69398 WordPress Plank theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Plank plank allows PHP Local File Inclusion.This issue affects Plank: from n/a through = 1.7...

CVE-2025-69399

CVE-2025-69399 describes an Unauthenticated Local File Inclusion in the WordPress Cobble theme (ThemeREX Cobble) up to version 1.7. The issue arises from an improper control of the filename in include/require statements, enabling local file inclusion. Documented impact per sources indicates poten...

CVE-2025-69387 WordPress Simple Retail Menus plugin <= 4.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File Inclusion.This issue affects Simple Retail Menus: from n/a through = 4.2.1...

CVE-2025-69370

CVE-2025-69370: PHP Object Injection in WordPress Capella theme (Capella

CVE-2025-69372 WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through = 1.6.2...

CVE-2025-69329 WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through 1.4.1...

CVE-2025-69328

Deserialization of Untrusted Data in WordPress Booking and Rental Manager for WooCommerce (CVE-2025-69328) allows PHP Object Injection. Affected: Booking and Rental Manager

CVE-2025-69329

Deserialization of Untrusted Data in WordPress Theme Prestige (CVE-2025-69329) affects Prestige versions prior to 1.4.1. The issue enables PHP object injection via untrusted data deserialization, with assessed impact described as high confidentiality/integrity/availability concerns. Mitigation: u...

CVE-2025-69322 WordPress PeakShops theme < 1.5.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through 1.5.9...

CVE-2025-69294

CVE-2025-69294 affects the PeakShops WordPress theme (PeakShops) with PHP Object Injection via deserialization of untrusted data. Affected product/version: PeakShops theme up to and including 1.5.9 (n/a through 1.5.9). Root cause: deserialization of untrusted data leading to object injection. Doc...

CVE-2025-69294 WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...

CVE-2025-68853 WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through = 9.1.1...

CVE-2025-68543

CVE-2025-68543: Local File Inclusion in WordPress theme Diza (thembay) up to version 1.3.15 due to improper control of include/require filenames. Affected: Diza

CVE-2025-68541

CVE-2025-68541 affects WordPress theme Ippsum up to version 1.2.0, describing a deserialization (PHP object injection) vulnerability. Wordfence and Patchstack corroborate the issue and indicate remediation is to update to a newer version (post-1.2.0). The CVSS metrics in the base entry show overa...

CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...

CVE-2025-67997 WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through 1.6.7...

CVE-2025-67996 WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through 1.2.6...

CVE-2025-67997

Travelicious theme (WordPress) ≤ 1.6.6 is affected by a Deserialization of Untrusted Data PHP Object Injection vulnerability due to object deserialization in Travelicious (Travelicious) that allows unauthenticated exploitation. Affected software: Travelicious: from n/a through