Lucene search
K

19028 matches found

CVE
CVE
added 2026/03/25 4:14 p.m.11 views

CVE-2026-32482

CVE-2026-32482 affects WordPress Ona theme versions prior to 1.24. The issue is Unrestricted Upload of File with Dangerous Type, allowing an attacker to upload a web shell to the web server via the Ona plugin/theme. Relevant sources report a high-severity CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR...

9.9CVSS5.8AI score0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-31913 WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through 1.5.16...

8.6CVSS5.8AI score0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2026-31913 WordPress Scape theme < 1.5.16 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through 1.5.16...

8.6CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.8 views

CVE-2026-31913

CVE-2026-31913 affects the Scape WordPress theme (Scape) with versions prior to 1.5.16. The Wordfence report confirms an unauthenticated path traversal vulnerability that can lead to arbitrary file deletion, i.e., a path traversal flaw exploited without authentication. The Wordfence note explicit...

8.6CVSS5.8AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...

9.8CVSS5.8AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.6 views

CVE-2026-27084

CVE-2026-27084 affects the WordPress Buisson theme (versions through 1.1.11). The issue is untrusted data deserialization leading to PHP object injection, described as an unauthenticated PHP Object Injection vulnerability. Public sources (NVD/Red Hat/EUVD) assign a high impact, with CVSSv3.1 base...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.23 views

CVE-2026-27083 WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...

9.8CVSS0.00375EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:14 p.m.4 views

CVE-2026-27083

Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through = 1.2...

5.8AI score0.00375EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-27084 WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through = 1.1.11...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-27081 WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through = 1.4...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.7 views

CVE-2026-27080

CVE-2026-27080 pertains to WordPress Deston theme (Deston &lt;= 1.0). The vulnerability is an unauthenticated Local File Inclusion via improper handling of Include/Require filenames in PHP, enabling arbitrary local file inclusion. Reports indicate affected Deston versions are &lt;= 1.0 and that t...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:14 p.m.4 views

CVE-2026-27081

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through = 1.4...

5.8AI score0.00403EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 4:14 p.m.6 views

CVE-2026-27082

CVE-2026-27082 describes a PHP object-injection/Deserialization of Untrusted Data vulnerability in WordPress Theme Love Story (ThemeREX Love Story) versions n/a through 1.3.12. The issue arises from deserializing untrusted data, enabling object injection. Reported impact includes high confidentia...

9.8CVSS5.8AI score0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.31 views

CVE-2026-27081 WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through = 1.4...

8.1CVSS0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-27079 WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through = 1.1...

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-27080 WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through = 1.0...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.8 views

CVE-2026-27081

CVE-2026-27081 concerns the WordPress Rosebud theme (Rosebud) with versions up to and including 1.4, exposing a Local File Inclusion via improper control of include/require filenames in PHP. The vulnerability is documented as LFI in Rosebud

8.1CVSS5.8AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.13 views

CVE-2026-27083

CVE-2026-27083 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme “Work & Travel Company” (ThemeREX Work & Travel Company) affecting versions through 1.2. The root cause is PHP object injection via deserialization of untrusted data in the theme, enabling potential ...

9.8CVSS5.8AI score0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-27078 WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through = 1.0.1...

8.1CVSS5.8AI score0.00512EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-27082 WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through = 1.3.12...

9.8CVSS0.00375EPSS
Exploits0References1
Rows per page
Query Builder