CVE-2026-39618 WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through = 7.1...

CVE-2026-39617 WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

CVE-2026-39618

CVE-2026-39618 affects the WordPress NewsExo theme (themlerile) up to version 7.1. The issue is a Cross-Site Request Forgery (CSRF) vulnerability in NewsExo newsexo that could allow an attacker to induce a user to perform unwanted actions. The available connected sources confirm the vulnerability...

CVE-2026-39619

Summary: CVE-2026-39619 affects the WordPress Busiprof theme (

CVE-2026-39617 WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

CVE-2026-39618 WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through = 7.1...

CVE-2026-39619 WordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

CVE-2026-39613

CVE-2026-39613 concerns a Local File Inclusion in the WordPress Boutique theme by Kutethemes (kute-boutique). All connected sources consistently describe an improper control of the filename used by PHP include/require, enabling LFI. Affected software: Boutique theme versions up to and including 2...

CVE-2026-39613 WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

CVE-2026-39613 WordPress Boutique theme <= 2.3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Boutique kute-boutique allows PHP Local File Inclusion.This issue affects Boutique: from n/a through = 2.3.3...

CVE-2026-39612 WordPress KuteShop theme <= 4.2.9 - Arbitrary Shortcode Execution vulnerability

Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through = 4.2.9...

CVE-2026-39612

CVE-2026-39612 affects the WordPress theme KuteShop (KuteShop theme) ≤ 4.2.9. Root cause: missing authorization / incorrectly configured access control that enables unauthorized actions. Impact: arbitrary shortcode execution within the affected site. Exploitation details are not provided in the c...

CVE-2026-39603 WordPress Grand Photography theme <= 5.7.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Request Forgery.This issue affects Grand Photography: from n/a through = 5.7.8...

CVE-2026-39603

Summary: CVE-2026-39603 is a CSRF vulnerability in the WordPress theme “ThemeGoods Grand Photography grandphotography” affecting Grand Photography versions from n/a up to and including 5.7.8. The issue is a Cross-Site Request Forgery, with CVSS 3.1 base score 5.4 (Medium): network attacker, no pr...

CVE-2026-39544 WordPress LabtechCO theme <= 8.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through = 8.3...

CVE-2026-39544

CVE-2026-39544 affects WordPress LabtechCO theme

CVE-2026-39544 WordPress LabtechCO theme <= 8.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through = 8.3...

CVE-2026-3535

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wpajaxnopriv hook, requiring no authentication. It...

CVE-2026-3535

The CVE concerns the DSGVO Google Web Fonts GDPR WordPress plugin. All versions up to 1.1 are vulnerable due to missing file type validation in the DSGVOGWPdownloadGoogleFonts() function. The function, exposed via a wp_ajax_nopriv_ hook (no authentication), fetches a user-supplied URL as a CSS fi...

PT-2026-31273

Name of the Vulnerable Software and Affected Versions RT-Theme 18 | Extensions versions through 2.5 Description An issue exists in RT-Theme 18 | Extensions that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Update RT-Theme 18...