18988 matches found
CVE-2025-69369
CVE-2025-69369 is a Local File Inclusion vulnerability in the WordPress theme Racquet (Racquet
CVE-2025-69369 WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...
CVE-2025-58897 WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...
CVE-2025-58897
The CVE-2025-58897 entry concerns the WordPress Fermentio theme (
CVE-2025-58897 WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...
CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...
CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...
CVE-2026-39555
The CVE-2026-39555 entry concerns the WordPress Askka theme (versions up to 1.3.1). The vulnerability is a PHP Object Injection via a deserialization of untrusted data in the Askka plugin/theme, allowing object injection. Affected component: WordPress Askka theme
CVE-2026-39555 WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
CVE-2026-39555 WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...
CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...
CVE-2026-39553 WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from n/a through 1.4...
CVE-2026-39553
CVE-2026-39553 concerns WordPress WaveRide theme versions up to 1.4, due to improper control of the filename for include/require in a PHP program, enabling Local File Inclusion (LFI). Affected software: WaveRide theme (Select-Themes) with PHP-based inclusion vulnerability. Root cause: inadequate ...
CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...
CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...
CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...
CVE-2026-39551
The CVE-2026-39551 entry concerns the WordPress Töbel theme (versions <= 1.8.1) with a PHP Object Injection /deserialization vulnerability in Töbel. Affected component: Töbel theme; root cause: deserialization of untrusted data enabling object injection. Impact metrics from Patchstack indicate...
CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...
CVE-2026-39550 WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...
CVE-2026-39550
CVE-2026-39550 affects the WordPress Aperitif theme (versions up to 1.6). The issue is a PHP Object Injection caused by deserialization of untrusted data in Aperitif, enabling exploitation via a network vector with no user interaction and no privileges required. The CVSSv3.1 base score is 8.1 (HI...