CVE-2026-22504 WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...

CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...

CVE-2026-22504 WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...

CVE-2026-22505

CVE-2026-22505 describes a PHP object injection vulnerability due to deserialization of untrusted data in the WordPress theme Morning Records (Morning Records: Music Sound Studio WordPress Theme) up to version 1.2. Affected component is the Morning Records theme’s PHP deserialization path; exploi...

CVE-2026-22502 WordPress Mr. Cobbler theme <= 1.1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Mr. Cobbler mr-cobbler allows PHP Local File Inclusion.This issue affects Mr. Cobbler: from n/a through = 1.1.9...

CVE-2026-22494 WordPress Good Homes theme <= 1.3.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through = 1.3.13...

CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...

CVE-2026-4815

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0messageids' parameter in '/supportboard/include/ajax.php' endpoint...

CVE-2026-4816

CVE-2026-4816: A Reflected Cross Site Scripting (XSS) vulnerability exists in Support Board v3.7.7. An attacker can craft a malicious URL that injects JavaScript via the search parameter in /supportboard/include/articles.php, causing code execution in the victim’s browser and potentially exfiltra...

CVE-2026-4784

A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit...

PT-2026-27924

Name of the Vulnerable Software and Affected Versions Woody ad snippets versions through 2.7.1 Description A code injection issue exists in Themeisle Woody ad snippets insert-php. The issue involves improper control of code generation, potentially allowing for code injection. The vulnerable...

PT-2026-28018

Name of the Vulnerable Software and Affected Versions CreativeWS VintWood versions n/a through 1.1.8 Description The software contains a flaw due to improper control of filename handling for Include/Require statements in the PHP program, leading to a PHP Local File Inclusion issue. The affected...

PT-2026-28014

Name of the Vulnerable Software and Affected Versions CreativeWS MetaMax versions through 1.1.4 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program, specifically in CreativeWS MetaMax. This allows for PHP Local File Inclusion. The issue...

PT-2026-27958

Name of the Vulnerable Software and Affected Versions TieLabs Jannah versions through 7.6.3 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. This allows for the inclusion of local PHP files...

PT-2026-27818

Name of the Vulnerable Software and Affected Versions AncoraThemes Greenville versions through 1.3.2 Description A flaw exists in the handling of filenames used in include/require statements within the PHP program AncoraThemes Greenville, leading to a PHP Local File Inclusion issue. This allows f...

PT-2026-27825

Name of the Vulnerable Software and Affected Versions ProLingua versions n/a through 1.1.12 Description The software contains an improper control of filename handling for include/require statements, leading to a PHP Local File Inclusion issue. The vulnerable component allows an attacker to includ...

PT-2026-28019

Name of the Vulnerable Software and Affected Versions CreativeWS Kiddy versions through 2.0.8 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local File...

WordPress plugin MetaMax 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-27976

Name of the Vulnerable Software and Affected Versions Mikado-Themes MultiOffice versions n/a through 1.2 Description A flaw exists in the handling of filenames for include/require statements within a PHP program, specifically a PHP Remote File Inclusion issue in Mikado-Themes MultiOffice...

PT-2026-27833

Name of the Vulnerable Software and Affected Versions Elated-Themes Roisin versions through 1.2.1 Description The software contains a flaw related to improper control of filename handling for include/require statements, specifically a PHP Remote File Inclusion issue. This allows for PHP Local Fil...