CVE-2025-69404 WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through = 1.5.10...

CVE-2025-14357

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

CVE-2025-14357 Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setupwidgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wit...

PT-2026-20616

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...

CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...

CVE-2026-24612

CVE-2026-24612 is a missing Authorization vulnerability in the WordPress plugin/theme Orchid Store (theme version 1.5.15) or apply vendor-provided fixes once available. If no upgrade is feasible, monitor for official patches and advisories from the vendor.

CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through = 1.5.15...

EUVD-2024-47966

Malicious code in bioql PyPI...

EUVD-2023-31207

Malicious code in bioql PyPI...

WordPress Cena Store <= 2.11.26 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Cena Store versions = 2.11.26...

CVE-2023-27431

Cross-Site Request Forgery CSRF vulnerability in ThemeHunk Big Store theme = 1.9.3 versions...

CVE-2015-4582

The TheCartPress boot-store aka Boot Store theme 1.6.4 for WordPress allows header.php tcpregistererror XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product...

CVE-2025-26737 WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5...

CVE-2025-26737 WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yudleethemes City Store allows DOM-Based XSS.This issue affects City Store: from n/a through 1.4.5...

WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Peter Thaleikis in WordPress Theme Big Store versions = 2.0.8...

CVE-2025-30881 WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through = 2.0.8...

CVE-2025-30881 WordPress Big Store theme <= 2.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through = 2.0.8...

WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme City Store versions = 1.4.5...

WordPress Top Store Theme 1.5.4 Privilege Escalation

This script exploits CVE-2024-10673, a critical vulnerability found in the Top Store WordPress Theme versions 1.5.4 and below. The flaw allows authenticated users with subscriber-level access or higher to install and activate arbitrary plugins via unprotected AJAX requests. This can lead to...

CVE-2024-10673

The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...