507 matches found

Nuclei
added 13 hours ago | 3 views

WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion

Campress theme for WordPress up to 1.35 contains a local file inclusion caused by 'campresswoocommercegetajaxproducts' function, letting unauthenticated attackers include and execute arbitrary PHP files, exploit requires no authentication. id: CVE-2024-10763 info: name: WordPress Campress Theme =...

CVSS 9.8 | AI score 7.7 | EPSS 0.03529
Exploits: 0 | References: 1
Cvelist
added 6 days ago | 27 views

CVE-2026-22338 WordPress EcoBlue theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in EcoBlue <= 1.15 versions...

CVSS 8.1 | EPSS 0.00338
Exploits: 0 | References: 1
CVE
added 2026/06/16 10:39 a.m. | 15 views

CVE-2026-40750

CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...

CVSS 9.9 | AI score 5.3 | EPSS 0.00273
Exploits: 0 | References: 1
NVD
added 2026/06/08 2:16 a.m. | 11 views

CVE-2024-58349

WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them...

CVSS 9.8 | EPSS 0.00674
Exploits: 0 | References: 2
Patchstack
added 2026/05/27 1:45 p.m. | 9 views

WordPress Choreo theme <= 1.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Choreo versions <= 1.6...

CVSS 8.1 | AI score 5.8 | EPSS 0.00435
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/05/27 1:45 p.m. | 7 views

WordPress WineShop theme <= 3.17 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme WineShop versions <= 3.17...

CVSS 8.1 | AI score 5.8 | EPSS 0.00435
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2026/05/26 7:51 a.m. | 8 views

CVE-2026-39642 WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

CVSS 5.3 | AI score 5.8 | EPSS 0.00255
Exploits: 0 | References: 1
Patchstack
added 2026/05/26 5:47 a.m. | 8 views

WordPress CopyPress theme <= 1.4.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CopyPress versions <= 1.4.5...

AI score 5.8 | EPSS 0.00348
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2026/05/04 8:21 p.m. | 4 views

CVE-2026-6812

The Ona theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.26 via the onaactivatechildtheme. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating...

CVSS 4.4 | AI score 5.9 | EPSS 0.0025
Exploits: 0 | References: 1
VulnCheck KEV
added 2026/05/04 12:0 a.m. | 10 views

VulnCheck KEV: CVE-2024-13421

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...

CVSS 9.8 | AI score 7.4 | EPSS 0.00716
In wild | Exploits: 0 | References: 2
Patchstack
added 2026/04/20 10:34 a.m. | 8 views

WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Kids Online Store versions <= 0.8.9...

AI score 5.8 | EPSS 0.00273
Exploits: 0 | Affected Software: 1
Patchstack
added 2026/04/20 10:33 a.m. | 8 views

WordPress Ecommerce Zone theme <= 0.9.7 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Denver Jackson in WordPress Theme Ecommerce Zone versions <= 0.9.7...

AI score 5.8 | EPSS 0.00434
Exploits: 0 | Affected Software: 1
EUVD
added 2026/04/08 9:32 p.m. | 3 views

EUVD-2024-47052

The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVSS 6.4 | AI score 6.1 | EPSS 0.00332
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/08 8:30 a.m. | 1 views

CVE-2026-39635 WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request Forgery. This issue affects Grand Magazine: from n/a through <= 3.5.5...

CVSS 5.4 | AI score 5.9 | EPSS 0.00098
Exploits: 0 | References: 1
Cvelist
added 2026/04/08 8:30 a.m. | 19 views

CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection. This issue affects DukaMarket: from n/a through <= 1.3.0...

CVSS 5.3 | EPSS 0.0026
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/08 8:30 a.m. | 1 views

CVE-2026-39603 WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery. This issue affects Grand Photography: from n/a through <= 5.7.8...

AI score 5.8 | EPSS 0.00104
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/26 3:17 p.m. | 1 views

CVE-2026-32374

Missing Authorization vulnerability in raratheme The Minimal the-minimal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Minimal: from n/a through = 1.2.9...

CVSS 5.3 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 1
Cvelist
added 2026/03/25 4:15 p.m. | 28 views

CVE-2026-32515 WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous: from n/a through 2.1.2...

CVSS 7.5 | EPSS 0.00291
Exploits: 0 | References: 1
Cvelist
added 2026/03/25 4:15 p.m. | 21 views

CVE-2026-32505 WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion. This issue affects Kiddy: from n/a through <= 2.0.8...

CVSS 8.1 | EPSS 0.00403
Exploits: 0 | References: 1
Cvelist
added 2026/03/25 4:14 p.m. | 26 views

CVE-2026-25359 WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection. This issue affects Pendulum: from n/a through 3.1.5...

CVSS 8.8 | EPSS 0.00344
Exploits: 0 | References: 1