18742 matches found
CVE-2026-39629 WordPress Uminex theme <= 1.0.9 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Uminex uminex allows Code Injection.This issue affects Uminex: from n/a through = 1.0.9...
CVE-2026-39632 WordPress Grand Blog theme <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through = 3.1...
CVE-2026-39628
CVE-2026-39628 affects the WordPress DukaMarket theme (kutethemes)
CVE-2026-39624 WordPress Biolife theme <= 3.2.3 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through = 3.2.3...
CVE-2026-39624 WordPress Biolife theme <= 3.2.3 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through = 3.2.3...
CVE-2026-39627 WordPress Ashe theme <= 2.266 - Broken Access Control vulnerability
Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through = 2.266...
CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
CVE-2026-39625 WordPress TechOne theme <= 3.0.3 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...
CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...
CVE-2026-39626 WordPress Armania theme <= 1.4.8 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through = 1.4.8...
CVE-2026-39626
CVE-2026-39626 concerns the WordPress kutethemes Armania theme (
CVE-2026-39625 WordPress TechOne theme <= 3.0.3 - Arbitrary Shortcode Execution vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...
CVE-2026-39627
CVE-2026-39627 is associated with the WordPress theme Ashe (vulnerable up to version 2.266). The issue is described as a Missing Authorization vulnerability caused by “Exploiting Incorrectly Configured Access Control Security Levels,” enabling access control bypass. Affected product/component: Wo...
CVE-2026-39620
CVE-2026-39620 is a CSRF vulnerability in the WordPress Appointment theme (
CVE-2026-39622 WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through = 3.0.8...
CVE-2026-39621 WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability
Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...
CVE-2026-39623 WordPress Biolife theme <= 3.2.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects Biolife: from n/a through = 3.2.3...
CVE-2026-39622
The CVE-2026-39622 entry describes a Missing Authorization vulnerability in the acmethemes Education Base WordPress theme (education-base) affecting versions up to and including 3.0.8. The root cause is Incorrectly Configured Access Control Security Levels, enabling unauthorized access due to bro...
CVE-2026-39622 WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through = 3.0.8...
CVE-2026-39623
CVE-2026-39623 concerns the WordPress Biolife theme (kutethemes Biolife) with an improper control of the filename in PHP include/require, resulting in a PHP Local File Inclusion vulnerability (LFI) that is described as a PHP Remote File Inclusion issue in some sources. Affected product: Biolife t...