93340 matches found
CVE-2026-27337 WordPress Chronicle - Lifestyle Magazine & Blog WordPress Theme theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
CVE-2026-22501 WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...
CVE-2026-22501 WordPress Mounthood theme <= 1.3.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...
CVE-2026-23798 WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through = 11.15.10...
CVE-2026-22477 WordPress Felizia theme <= 1.3.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Felizia felizia allows PHP Local File Inclusion.This issue affects Felizia: from n/a through = 1.3.4...
CVE-2026-22497 WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through = 1.7.2...
CVE-2026-22476 WordPress Etchy theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Etchy etchy allows PHP Local File Inclusion.This issue affects Etchy: from n/a through = 1.0...
CVE-2026-22497 WordPress Jardi theme <= 1.7.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through = 1.7.2...
CVE-2026-22478 WordPress FindAll theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affects FindAll: from n/a through = 1.4...
CVE-2026-22475 WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through = 1.3.4...
CVE-2026-22474 WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through = 1.5...
CVE-2026-22471 WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through = 1.1...
CVE-2026-22475
CVE-2026-22475 describes a deserialization of untrusted data vulnerability in the WordPress theme Estate (vulnerable from n/a to 1.3.4). The root cause is unauthenticated PHP Object Injection due to deserializing untrusted input, enabling potential manipulation of objects within Estate. The CVSSv...
CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
CVE-2026-22453
CVE-2026-22453 is a deserialization-based PHP Object Injection vulnerability in the ThemeREX Pets Club WordPress theme (Pets Club) affecting versions up to 2.3. The issue arises from deserializing untrusted data, enabling object injection. The vulnerability is rated critical (CVSS 3.1 9.8) with n...
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...
CVE-2026-22456
CVE-2026-22456 affects the WordPress theme Askka (Elated-Themes) up to version 1.0, enabling Local File Inclusion due to improper control of filenames for include/require in PHP. Impact is untrusted local file access under unauthenticated conditions; no patch is provided in the connected document...
CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4.7...