93392 matches found
CVE-2025-69370
CVE-2025-69370: PHP Object Injection in WordPress Capella theme (Capella
CVE-2025-69329 WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through 1.4.1...
CVE-2025-69329
Deserialization of Untrusted Data in WordPress Theme Prestige (CVE-2025-69329) affects Prestige versions prior to 1.4.1. The issue enables PHP object injection via untrusted data deserialization, with assessed impact described as high confidentiality/integrity/availability concerns. Mitigation: u...
CVE-2025-69328
Deserialization of Untrusted Data in WordPress Booking and Rental Manager for WooCommerce (CVE-2025-69328) allows PHP Object Injection. Affected: Booking and Rental Manager
CVE-2025-69322 WordPress PeakShops theme < 1.5.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes PeakShops peakshops allows PHP Local File Inclusion.This issue affects PeakShops: from n/a through 1.5.9...
CVE-2025-69294 WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...
CVE-2025-69294
CVE-2025-69294 affects the PeakShops WordPress theme (PeakShops) with PHP Object Injection via deserialization of untrusted data. Affected product/version: PeakShops theme up to and including 1.5.9 (n/a through 1.5.9). Root cause: deserialization of untrusted data leading to object injection. Doc...
CVE-2025-68853 WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through = 9.1.1...
CVE-2025-68541
CVE-2025-68541 affects WordPress theme Ippsum up to version 1.2.0, describing a deserialization (PHP object injection) vulnerability. Wordfence and Patchstack corroborate the issue and indicate remediation is to update to a newer version (post-1.2.0). The CVSS metrics in the base entry show overa...
CVE-2025-68543
CVE-2025-68543: Local File Inclusion in WordPress theme Diza (thembay) up to version 1.3.15 due to improper control of include/require filenames. Affected: Diza
CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...
CVE-2025-67997 WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through 1.6.7...
CVE-2025-67996 WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through 1.2.6...
CVE-2025-67997
Travelicious theme (WordPress) ≤ 1.6.6 is affected by a Deserialization of Untrusted Data PHP Object Injection vulnerability due to object deserialization in Travelicious (Travelicious) that allows unauthenticated exploitation. Affected software: Travelicious: from n/a through
CVE-2025-67996 WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through 1.2.6...
CVE-2025-67980 WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through = 1.2.17...
CVE-2025-67988 WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through 1.9.1...
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2026-25326
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in cmsmasters CMSMasters Content Composer cmsmasters-content-composer allows PHP Local File Inclusion.This issue affects CMSMasters Content Composer: from n/a through = 1.4.5...
CVE-2026-27052
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...