18742 matches found
CVE-2026-39711
CVE-2026-39711 affects WordPress RT-Theme 18 | Extensions (rt18-extensions) up to version 2.5. The issue arises from the insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data. Affected component: RT-Theme 18 | Extensions. Root cause: improper handling le...
CVE-2026-39710
CVE-2026-39710 affects WordPress RT-Theme 18 | Extensions (rt18-extensions) up to version 2.5. The issue is a CSRF vulnerability that could allow actions on behalf of authenticated users. The root cause and affected component are described across multiple feeds; the primary fix recommended is upd...
CVE-2026-39710 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-39711
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-39684 WordPress OrganicFood theme <= 3.6.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affects OrganicFood: from n/a through = 3.6.4...
CVE-2026-39684
CVE-2026-39684 affects the WordPress OrganicFood theme (versions up to and including 3.6.4). The issue is described as an improper control of the filename for include/require statements in PHP, effectively a PHP Local File Inclusion vulnerability with characteristics of a Remote File Inclusion cl...
CVE-2026-39681 WordPress Homeo theme <= 1.2.59 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...
CVE-2026-39677 WordPress Emphires theme <= 3.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through = 3.9...
CVE-2026-39679 WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39679
CVE-2026-39679 is a local file inclusion (LFI) in the WordPress Freeio/ApusTheme Freeio plugin/theme. Affected: Freeio versions up to and including 1.3.21 (and related Freeio/Freeio themes referenced in Red Hat/EUVD records and CVE listings). Root cause: improper control of filenames for include/...
CVE-2026-39679
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39677
The CVE describes a PHP Local File Inclusion in the WordPress Emphires theme (Creatives_Planet Emphires) versions up to 3.9, caused by improper control of filename for include/require statements (PHP Remote File Inclusion). Affects Emphires
CVE-2026-39679 WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39649 WordPress Royale News theme <= 2.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through = 2.2.4...
CVE-2026-39649
The CVE-2026-39649 entry concerns the WordPress Royale News theme ( Royale News) version
CVE-2026-39649 WordPress Royale News theme <= 2.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through = 2.2.4...
CVE-2026-39648 WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through = 2.1.7...
CVE-2026-39648 WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through = 2.1.7...
CVE-2026-39648
CVE-2026-39648 affects the WordPress Cream Blog theme (Cream Blog) up to version 2.1.7. The issue is a Missing/Incorrectly Configured Access Control vulnerability (Missing Authorization) that allows bypassing normal authorization checks. Documents consistently describe a broken access control vul...
CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...