18742 matches found
CVE-2026-22509
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...
CVE-2025-69096
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in G5Theme Zorka zorka allows Reflected XSS.This issue affects Zorka: from n/a through = 1.5.7...
CVE-2026-3211
Cross-Site Request Forgery CSRF vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...
CVE-2026-32529 WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through 1.5.19...
CVE-2026-32531 WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through 1.4.5...
CVE-2026-32529
CVE-2026-32529 : The WordPress/Molla theme vulnerability is a Reflected Cross-Site Scripting issue in the Molla template. According to the initial description, it affects Molla versions from n/a up to (and including)
CVE-2026-32531 WordPress Kunco theme < 1.4.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kunco kunco allows PHP Local File Inclusion.This issue affects Kunco: from n/a through 1.4.5...
CVE-2026-32529 WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through 1.5.19...
CVE-2026-32529
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Molla molla allows Reflected XSS.This issue affects Molla: from n/a through 1.5.19...
CVE-2026-32531
CVE-2026-32531: Kunco WordPress Theme (
CVE-2026-32528
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through 1.6.29...
CVE-2026-32528 WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through 1.6.29...
CVE-2026-32528 WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through 1.6.29...
CVE-2026-32528
CVE-2026-32528 affects the Riode WordPress theme (Multi-Purpose WooCommerce) with versions prior to 1.6.29. The issue is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. The CVSS v3.1 base score is 7.1 (HIGH), with network attack vector, n...
CVE-2026-32526
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.10...
CVE-2026-32526
CVE-2026-32526 affects the WordPress plugin VillaTheme Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), version range: = 1.1.11) or apply vendor-provided fixes where available. Documentation in connected sources consistently identifies this as a Stored XSS affecting the plug...
CVE-2026-32518 WordPress Gaea theme < 3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in imithemes Gaea gaea allows Reflected XSS.This issue affects Gaea: from n/a through 3.8...
CVE-2026-32518
CVE-2026-32518 affects the WordPress Gaea theme (imithemes Gaea) prior to version 3.8. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affected component is the theme code handling user-supplied input; impact is...
CVE-2026-32515
CVE-2026-32515 is documented in Wordfence Intelligence as a Missing Authorization vulnerability affecting Miraculous: Multi Vendor Online Music Store Elementor WordPress Theme, versioned < 2.1.2. The Wordfence weekly report also lists related Miraculous entries (e.g., Miraculous Core
CVE-2026-32515 WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.1.2...