93341 matches found
CVE-2026-22449 WordPress Don Peppe theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Don Peppe donpeppe allows PHP Local File Inclusion.This issue affects Don Peppe: from n/a through = 1.3...
CVE-2026-22446
CVE-2026-22446 affects WordPress theme Prowess (Select-Themes) up to version 1.8.1. Root cause: improper control of filename for include/require in PHP, enabling PHP Local File Inclusion. Impact: high-severity risk (LFI) per sources. Remediation: upgrade to a version later than 1.8.1 (vendor guid...
CVE-2026-22451
CVE-2026-22451: WordPress Handyman theme Handyman (handyman-services) is affected by a Deserialization of Untrusted Data vulnerability enabling PHP Object Injection. The vulnerability affects Handyman versions up to 1.4.7 and is described as unauthenticated, with a CVSS v3.1 base score of 9.8 (CR...
CVE-2026-22441 WordPress Zentrum theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Zentrum zentrum allows PHP Local File Inclusion.This issue affects Zentrum: from n/a through = 1.0...
CVE-2026-22436
CVE-2026-22436 describes an unauthenticated Local File Inclusion in the WordPress theme Helvig by Elated-Themes, affecting Helvig versions up to 1.0. The flaw arises from improper control of the filename used in PHP include/require statements (PHP Local File Inclusion). Public sources identify th...
CVE-2026-22436 WordPress Helvig theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Helvig helvig allows PHP Local File Inclusion.This issue affects Helvig: from n/a through = 1.0...
CVE-2026-22433 WordPress CloudMe theme <= 1.2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CloudMe cloudme allows PHP Local File Inclusion.This issue affects CloudMe: from n/a through = 1.2.2...
CVE-2026-22428 WordPress Tooth Fairy theme <= 1.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion.This issue affects Tooth Fairy: from n/a through = 1.16...
CVE-2026-22425 WordPress Sweet Jane theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion.This issue affects Sweet Jane: from n/a through = 1.2...
CVE-2026-22425 WordPress Sweet Jane theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Sweet Jane sweetjane allows PHP Local File Inclusion.This issue affects Sweet Jane: from n/a through = 1.2...
CVE-2026-22427 WordPress GoTravel theme <= 2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes GoTravel gotravel allows PHP Local File Inclusion.This issue affects GoTravel: from n/a through = 2.1...
CVE-2026-22417
CVE-2026-22417 describes a deserialization of untrusted data vulnerability in the WordPress theme Grand Wedding (versions through 3.1.0). The issue enables unauthenticated PHP Object Injection via deserialization, with a CVSS v3.1 score of 9.8 (CRITICAL) and NETWORK attack vector, as reported by ...
CVE-2026-22421
CVE-2026-22421 affects AncoraThemes Quantum WordPress theme (Quantum)
CVE-2026-22421 WordPress Quantum theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Quantum quantum allows PHP Local File Inclusion.This issue affects Quantum: from n/a through = 1.0...
CVE-2026-22419 WordPress Honor theme <= 2.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Honor honor allows PHP Local File Inclusion.This issue affects Honor: from n/a through = 2.3...
CVE-2026-22420
CVE-2026-22420 pertains to the Horizon WordPress theme (AncoraThemes Horizon) with a Local File Inclusion vulnerability via improper control of the include/require filename, affecting Horizon versions up to and including 1.1. Public documentation in the connected sources confirms the vulnerabilit...
CVE-2026-22417 WordPress Grand Wedding theme < 3.1.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through 3.1.11...
CVE-2026-22415 WordPress The Mounty theme <= 1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Mounty the-mounty allows PHP Local File Inclusion.This issue affects The Mounty: from n/a through = 1.1...
CVE-2026-22416 WordPress FixTeam theme <= 1.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes FixTeam fixteam allows PHP Local File Inclusion.This issue affects FixTeam: from n/a through = 1.5.0...
CVE-2026-22408
CVE-2026-22408 is a Local File Inclusion vulnerability affecting Mikado-Themes Justicia WordPress theme (and Justicia plugin entry) up to version 1.2. The root cause is improper control of filename for include/require statements, enabling PHP Local File Inclusion. The CVE entry notes impact as hi...