18742 matches found
CVE-2026-32505 WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through = 2.0.8...
CVE-2026-32505 WordPress Kiddy theme <= 2.0.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Kiddy kiddy allows PHP Local File Inclusion.This issue affects Kiddy: from n/a through = 2.0.8...
CVE-2026-32505
CVE-2026-32505 documents a WordPress Kiddy theme ≤ 2.0.8 local file inclusion due to improper control of filename handling for PHP include/require, effectively a PHP Remote File Inclusion weakness that leads to PHP Local File Inclusion. Affected product: CreativeWS Kiddy (WordPress theme) version...
CVE-2026-32504
CVE-2026-32504 is a local file inclusion vulnerability affecting the WordPress theme/plugin combo “VintWood” (Vintage, Retro WordPress Theme). The initial description and connected Wordfence vulnerability digest indicate VintWood versions <= 1.1.8 are affected by an unauthenticated Local File ...
CVE-2026-32503 WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS Trendustry trendustry allows PHP Local File Inclusion.This issue affects Trendustry: from n/a through = 1.1.4...
CVE-2026-32504 WordPress VintWood theme <= 1.1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS VintWood vintwood allows PHP Local File Inclusion.This issue affects VintWood: from n/a through = 1.1.8...
CVE-2026-32503
CVE-2026-32503 is a Trendustry WordPress vulnerability described by Wordfence as an unauthenticated Local File Inclusion (LFI) via improper control of the filename for include/require in a PHP program (PHP Remote File Inclusion). Affected software: Trendustry Trendustry (CreativeWS) WordPress the...
CVE-2026-32502 WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through 1.6...
CVE-2026-32500
CVE-2026-32500 corresponds to MetaMax (WordPress theme) from CreativeWS and is an unauthenticated Local File Inclusion (LFI) caused by improper control of the filename used in PHP include/require. Affected are MetaMax versions up to and including 1.1.4. The issue carries a high-risk CVSS v3.1 sco...
CVE-2026-32502
CVE-2026-32502 describes a PHP object injection vulnerability in the WordPress plugin/theme “Select-Themes Borgholm – borgholm-marketing-agency-theme.” The issue arises from deserialization of untrusted data, allowing object injection and potential impact on affected installs. Affected versions a...
CVE-2026-32502 WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through 1.6...
CVE-2026-32500 WordPress MetaMax theme <= 1.1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects MetaMax: from n/a through = 1.1.4...
CVE-2026-32502
Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through 1.6...
CVE-2026-32482
CVE-2026-32482 affects WordPress Ona theme versions prior to 1.24. The issue is Unrestricted Upload of File with Dangerous Type, allowing an attacker to upload a web shell to the web server via the Ona plugin/theme. Relevant sources report a high-severity CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR...
CVE-2026-32482 WordPress Ona theme < 1.24 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in deothemes Ona ona allows Upload a Web Shell to a Web Server.This issue affects Ona: from n/a through 1.24...
CVE-2026-31913 WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through 1.5.16...
CVE-2026-31913 WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through 1.5.16...
CVE-2026-31913
CVE-2026-31913 affects the Scape WordPress theme (Scape) with versions prior to 1.5.16. The Wordfence report confirms an unauthenticated path traversal vulnerability that can lead to arbitrary file deletion, i.e., a path traversal flaw exploited without authentication. The Wordfence note explicit...
CVE-2026-27084 WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through = 1.1.11...
CVE-2026-27081
CVE-2026-27081 concerns the WordPress Rosebud theme (Rosebud) with versions up to and including 1.4, exposing a Local File Inclusion via improper control of include/require filenames in PHP. The vulnerability is documented as LFI in Rosebud