93304 matches found
CVE-2026-32484 WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-32484 WordPress weForms plugin <= 1.6.26 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldGrid weForms weforms allows Object Injection.This issue affects weForms: from n/a through = 1.6.26...
CVE-2026-27079
CVE-2026-27079 corresponds to a Local File Inclusion vulnerability in WordPress Amfissa (Mikado-Themes) theme, described as Improper Control of Filename for Include/Require in PHP (PHP Remote File Inclusion). Affected software: Mikado-Themes Amfissa amfissa, versions n/a through 1.1. Root cause: ...
CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-27075 WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through = 1.0...
CVE-2026-27075
CVE-2026-27075 concerns an Improper Control of Filename for Include/Require Statement (PHP Local File Inclusion) in Mikado-Themes Belfort (WordPress theme Belfort). The vulnerability allows Local File Inclusion due to inadequate validation of filenames used in PHP include/require, affecting Belfo...
CVE-2026-27076 WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through = 1.0...
CVE-2026-27076
CVE-2026-27076 is a Local File Inclusion in the WordPress LuxeDrive theme (1.0 or appropriate mitigation from the patch source; monitor for patches and advisories if you manage LuxeDrive deployments. If exact patch version not yet released in your environment, consider temporary mitigations until...
CVE-2026-27047 WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through = 2.1.6...
CVE-2026-27045 WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through = 1.6.2...
CVE-2026-25429 WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through = 1.1.1...
CVE-2026-25429 WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through = 1.1.1...
CVE-2026-25400
CVE-2026-25400 affects WordPress Theme Apicona (versions up to 24.1.0). The issue is a deserialization of untrusted data that enables object injection. CVSS v3.1: 8.8 (HIGH); vector CVSS:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Impact spans confidentiality, integrity, and availability. Root cause des...
CVE-2026-25382 WordPress IdealAuto theme < 3.8.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through 3.8.6...
CVE-2026-25382 WordPress IdealAuto theme < 3.8.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jwsthemes IdealAuto idealauto allows PHP Local File Inclusion.This issue affects IdealAuto: from n/a through 3.8.6...
CVE-2026-25366 WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...
CVE-2026-25359 WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through 3.1.5...
CVE-2026-25360
CVE-2026-25360 corresponds to a Deserialization of Untrusted Data vulnerability in the Vex plugin by Vex (Vex) for WordPress. Affected product: Vex = 1.2.9). Connected Wordfence details also list the CVE-2026-25360 under the Wordfence vulnerability repository with the same patched status and attr...
CVE-2026-25366 WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through = 2.7.1...
CVE-2026-25358
The CVE-2026-25358 entry covers a PHP object-injection vulnerability in the WordPress Meloo theme, affecting Meloo versions prior to 2.8.2. Root cause: deserialization of untrusted data could lead to object injection. Impact as stated includes high confidentiality, integrity, and availability con...