19215 matches found
CVE-2026-57793
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Flow flow allows PHP Local File Inclusion.This issue affects Flow: from n/a through = 1.8...
CVE-2026-57797
Missing Authorization vulnerability in ThemeMove EduMall edumall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduMall: from n/a through = 4.5.1...
CVE-2026-57743
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57744
Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57745
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Reflected XSS.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57728
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through = 3.20.5...
CVE-2026-57729
Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through = 3.20.5...
CVE-2026-57792
CVE-2026-57792 pertains to Mikado-Themes Dør dor (WordPress theme). It describes an Improper Control of Filename for Include/Require Statement in PHP, enabling Local File Inclusion (LFI) and labeled as a PHP Remote File Inclusion vulnerability. The issue affects Dør versions up to and including 2...
CVE-2026-57779
The CVE covers a Missing Authorization (Broken Access Control) issue in the WordPress Fascinate theme, versions up to and including 1.1.5. The public description states exploitation arises from Incorrectly Configured Access Control Security Levels, affecting Fascinate via the theme and is categor...
CVE-2026-57770
The CVE-2026-57770 entry concerns Deserialization of Untrusted Data in the WordPress Theme Grand Photography plugin/theme. Affected: Grand Photography versions up to 5.7.8. Root cause: PHP object injection arising from untrusted data deserialization. Impact: high confidentiality, integrity, and a...
CVE-2026-57791
CVE-2026-57791 : Affected software is the WordPress Brook theme, <= 2.9.0. The issue is an improper validation/control of filenames in PHP include/require, enabling an PHP Local File Inclusion via a crafted filename. The NVD entry cites a CVSS v3.1 base score of 7.5 (HIGH) with network attack ...
CVE-2026-57774
The CVE-2026-57774 entry corresponds to a Missing Authorization / Broken Access Control vulnerability in the WordPress theme VW Food Corner (versions up to and including 1.1.0). The issue affects the theme itself, enabling exploitation due to incorrectly configured access control security levels....
CVE-2026-57804
CVE-2026-57804 describes an PHP Local File Inclusion in CodexThemes TheGem Theme Elements (for Elementor), specifically TheGem Theme Elements for Elementor up to version 5.11.1. The issue arises from improper control of the filename used in include/require statements, enabling an attacker with au...
CVE-2026-57800
Technical details about CVE-2026-57800 are not provided in the connected documents. The entries mention Local File Inclusion in Overworld theme
CVE-2026-57743 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows PHP Local File Inclusion.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57744 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Object Injection.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-57776 WordPress VW Wedding theme <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in vowelweb VW Wedding vw-wedding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Wedding: from n/a through = 1.3.7...
CVE-2026-57774 WordPress VW Food Corner theme <= 1.1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...
CVE-2026-57779 WordPress Fascinate theme <= 1.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Fascinate fascinate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fascinate: from n/a through = 1.1.5...
CVE-2026-57796 WordPress Leedo theme <= 3.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VLThemes Leedo leedo allows PHP Local File Inclusion.This issue affects Leedo: from n/a through = 3.0.0...