CVE-2026-39547 WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Getaway 1.8 versions...

CVE-2026-39539

Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...

CVE-2026-39522

CVE-2026-39522: WordPress Solene theme

CVE-2026-39522 WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Solene = 3.4 versions...

CVE-2026-39446

The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...

CVE-2026-39443 WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...

CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...

CVE-2026-27429

CVE-2026-27429 concerns the WordPress Nifty theme (versions

CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...

CVE-2026-12256 WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Avada = 3.15.3 versions...

CVE-2025-69178 WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Truemag = 4.3.14.2 versions...

CVE-2025-69178

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2025-69177 WordPress Roneous theme <= 2.1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Roneous = 2.1.5 versions...

CVE-2025-69176 WordPress ITactics theme <= 1.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ITactics = 1.0 versions...

CVE-2025-69176

Technical details about CVE-2025-69176 are not provided in the supplied documents. Monitor for updates; the initial entry notes unauthenticated Local File Inclusion in ITactics

CVE-2025-69177

CVE-2025-69177 refers to an Unauthenticated Local File Inclusion in the WordPress Roneous theme ≤ 2.1.5. The vulnerability arises from Local File Inclusion in the Roneous theme, enabling an attacker to access restricted files without authentication. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:...

CVE-2025-69168

CVE-2025-69168 affects the WordPress Spike theme up to version 1.2, with an unauthenticated Local File Inclusion vulnerability. The entry notes LFI without authentication, implying an attacker could access local files. The CVSS 3.1 data (Patchstack) assigns a base score of 8.1 (HIGH) with NETWORK...

CVE-2025-69168 WordPress Spike theme <= 1.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Spike = 1.2 versions...

CVE-2025-69167 WordPress Eros theme <= 1.3 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Eros = 1.3 versions...

CVE-2025-69165

CVE-2025-69165 affects WordPress Choreo theme versions