18 matches found
WordPress Putter theme <= 1.17 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Putter versions <= 1.17...
CVE-2026-24970 WordPress Energox theme <= 1.2 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in designingmedia Energox energox allows Path Traversal. This issue affects Energox: from n/a through <= 1.2...
CVE-2026-32381
CVE-2026-32381 affects the WordPress App Landing Page theme
CVE-2026-28084
CVE-2026-28084 is a Local File Inclusion vulnerability in the WordPress theme Bazinga (ThemeREX Bazinga). The issue arises from improper control of the filename used in PHP Include/Require, allowing an attacker to include local files. The vulnerability affects Bazinga versions from unspecified ea...
PT-2026-23225
Name of the Vulnerable Software and Affected Versions: axiomthemes Au Pair Agency - Babysitting & Nanny Theme versions through 1.2.2 Description: The software contains a flaw related to the deserialization of untrusted data, allowing for object injection. This issue impacts the Au Pair Agency -...
CVE-2025-69410
CVE-2025-69410 corresponds to a Local File Inclusion vulnerability in the WordPress Belletrist theme (versions
CVE-2026-25006
CVE-2026-25006 affects the WordPress XStore theme up to version 9.6.4. The root cause is improper neutralization of script-related HTML tags in a web page, enabling code injection via XStore’s shortcode handling. Affected product: XStore theme (WordPress). Impact: potential arbitrary shortcode ex...
CVE-2026-22400 WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Holmes: from n/a through <= 1.7...
CVE-2025-69066
CVE-2025-69066 affects the WordPress theme Indoor Plants by AncoraThemes. This is an improper filename verification leading to Local File Inclusion (PHP include/require). Affected: Indoor Plants
WordPress FitLine theme <= 1.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme FitLine versions <= 1.6...
WordPress PressGrid - Frontend Publish Reaction & Multimedia Theme <= 1.3.1 - Deserialization of untrusted data Vulnerability
WordPress PressGrid - Frontend Publish Reaction & Multimedia Theme <= 1.3.1 - Deserialization of untrusted data Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme PressGrid - Frontend Publish Reaction & Multimedia Theme versions <= 1.3.1...
WordPress Glossy Blog theme <= 1.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Glossy Blog versions <= 1.0.3...
WordPress Civi theme <= 2.1.4 - Authentication Bypass via Non-Randomized Password for SSO Accounts vulnerability
Authentication Bypass via Non-Randomized Password for SSO Accounts vulnerability discovered by Lucio Sá in WordPress Theme Civi versions <= 2.1.4...
CVE-2025-22821 WordPress StorePress theme <= 1.0.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vfthemes StorePress allows DOM-Based XSS. This issue affects StorePress: from n/a through 1.0.12...
CVE-2024-56056 WordPress SimpleCharm Theme <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm simplecharm allows Reflected XSS. This issue affects SimpleCharm: from n/a through <= 1.4.3...
CVE-2025-22339
CVE-2025-22339 describes a DOM-based XSS in Store Commerce (a ThemeArt Store Commerce component). Affected: Store Commerce Theme (WordPress). Technical detail from provided sources: vulnerability stems from improper neutralization of input during web page generation, enabling DOM-Based XSS. The i...
CVE-2024-37431 WordPress Mesmerize theme <= 1.6.120 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in extendthemes Mesmerize mesmerize allows Cross Site Request Forgery. This issue affects Mesmerize: from n/a through <= 1.6.120...
PT-2011-4741 · Unknown · Black-Letterhead
Name of the Vulnerable Software and Affected Versions: Black-LetterHead theme version 1.5 and earlier Description: A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the PATH INFO to index.php. Recommendations: F...