18742 matches found
CVE-2026-27075
CVE-2026-27075 concerns an Improper Control of Filename for Include/Require Statement (PHP Local File Inclusion) in Mikado-Themes Belfort (WordPress theme Belfort). The vulnerability allows Local File Inclusion due to inadequate validation of filenames used in PHP include/require, affecting Belfo...
CVE-2026-27077
CVE-2026-27077 affects Mikado-Themes MultiOffice WordPress theme (MultiOffice)
CVE-2026-27075 WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through = 1.0...
CVE-2026-27077 WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through = 1.2...
CVE-2026-27051 WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through = 1.7.0...
CVE-2026-27051
CVE-2026-27051: A Privilege Escalation via Incorrect Privilege Assignment in the WordPress theme Golo (uxper)
CVE-2026-27051 WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through = 1.7.0...
CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.4...
CVE-2026-25464
CVE-2026-25464 affects the WordPress plugin Jannah (Jannah – Newspaper Magazine News BuddyPress AMP). The Wordfence and NVD entries describe an "Imporper Control of Filename for Include/Require Statement" vulnerability that enables PHP Local File Inclusion via manipulated include/require targets....
CVE-2026-25464 WordPress Jannah theme <= 7.6.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through = 7.6.4...
CVE-2026-25454
CVE-2026-25454 is a Missing Authorization vulnerability affecting The League WordPress Theme (the-league) up to version 4.4.1. The initial description notes Missing Authorization with an impact described as an access-control misconfiguration, affecting The League from not applicable to <= 4.4....
CVE-2026-25457
CVE-2026-25457 affects Mixtape WordPress Theme
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
CVE-2026-25457 WordPress Mixtape theme <= 2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through = 2.1...
CVE-2026-25458 WordPress Moments theme <= 2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...
CVE-2026-25457 WordPress Mixtape theme <= 2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Mixtape mixtape allows PHP Local File Inclusion.This issue affects Mixtape: from n/a through = 2.1...
CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...
CVE-2026-25458
CVE-2026-25458 affects Moments (WordPress theme) up to version 2.2. The issue is an improper control of filename for include/require statements in PHP, effectively a PHP Remote File Inclusion that enables Local File Inclusion. According to Wordfence, this vulnerability is currently Unpatched; CVS...
CVE-2026-25400
CVE-2026-25400 affects WordPress Theme Apicona (versions up to 24.1.0). The issue is a deserialization of untrusted data that enables object injection. CVSS v3.1: 8.8 (HIGH); vector CVSS:AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Impact spans confidentiality, integrity, and availability. Root cause des...
CVE-2026-25400 WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through = 24.1.0...