19028 matches found
CVE-2026-32482
CVE-2026-32482 affects WordPress Ona theme versions prior to 1.24. The issue is Unrestricted Upload of File with Dangerous Type, allowing an attacker to upload a web shell to the web server via the Ona plugin/theme. Relevant sources report a high-severity CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR...
CVE-2026-31913 WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through 1.5.16...
CVE-2026-31913 WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through 1.5.16...
CVE-2026-31913
CVE-2026-31913 affects the Scape WordPress theme (Scape) with versions prior to 1.5.16. The Wordfence report confirms an unauthenticated path traversal vulnerability that can lead to arbitrary file deletion, i.e., a path traversal flaw exploited without authentication. The Wordfence note explicit...
CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-27084
CVE-2026-27084 affects the WordPress Buisson theme (versions through 1.1.11). The issue is untrusted data deserialization leading to PHP object injection, described as an unauthenticated PHP Object Injection vulnerability. Public sources (NVD/Red Hat/EUVD) assign a high impact, with CVSSv3.1 base...
CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-27083
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...
CVE-2026-27084 WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through = 1.1.11...
CVE-2026-27081 WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through = 1.4...
CVE-2026-27080
CVE-2026-27080 pertains to WordPress Deston theme (Deston <= 1.0). The vulnerability is an unauthenticated Local File Inclusion via improper handling of Include/Require filenames in PHP, enabling arbitrary local file inclusion. Reports indicate affected Deston versions are <= 1.0 and that t...
CVE-2026-27081
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through = 1.4...
CVE-2026-27082
CVE-2026-27082 describes a PHP object-injection/Deserialization of Untrusted Data vulnerability in WordPress Theme Love Story (ThemeREX Love Story) versions n/a through 1.3.12. The issue arises from deserializing untrusted data, enabling object injection. Reported impact includes high confidentia...
CVE-2026-27081 WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through = 1.4...
CVE-2026-27079 WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through = 1.1...
CVE-2026-27080 WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through = 1.0...
CVE-2026-27081
CVE-2026-27081 concerns the WordPress Rosebud theme (Rosebud) with versions up to and including 1.4, exposing a Local File Inclusion via improper control of include/require filenames in PHP. The vulnerability is documented as LFI in Rosebud
CVE-2026-27083
CVE-2026-27083 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme “Work & Travel Company” (ThemeREX Work & Travel Company) affecting versions through 1.2. The root cause is PHP object injection via deserialization of untrusted data in the theme, enabling potential ...
CVE-2026-27078 WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through = 1.0.1...
CVE-2026-27082 WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through = 1.3.12...