18992 matches found

OSV | added 2026/04/22 8:34 p.m. | 4 views

GHSA-XJVC-PW2R-6878 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Summary: Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables, for example themeprimarycolor and themesecondarycolor, as well as any key...

CVSS 4.9 | AI score 5.9 | EPSS 0.00851
Exploits: 0 | References: 8

OSV | added 2026/04/22 5:29 p.m. | 5 views

GHSA-XV3R-VR59-95RG CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE

Summary: ci4ms Theme::upload extracts user-uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations (Zip Slip) and achieve remote code execution by dropping a PHP file under the publ...

CVSS 9.4 | AI score 6.5 | EPSS 0.00484
Exploits: 0 | References: 4

Github Security Blog | added 2026/04/22 5:29 p.m. | 5 views

CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE

Summary: ci4ms Theme::upload extracts user-uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations (Zip Slip) and achieve remote code execution by dropping a PHP file under the publ...

CVSS 9.4 | AI score 6.5 | EPSS 0.00484
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment | added 2026/04/22 3:44 p.m. | 4 views

CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery. This issue affects Avada: from n/a before 7.13.2...

CVSS 4.3 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

CVE | added 2026/04/22 3:44 p.m. | 8 views

CVE-2025-58922

The vulnerability concerns ThemeFusion Avada (WordPress theme). A CSRF flaw exists in Avada versions before 7.13.2. The affected component is the theme's CSRF protection surface; root cause details are not fully disclosed in the provided documents, but the issue is categorized as a Cross-Site Req...

CVSS 4.3 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

OSSF Malicious Packages | added 2026/04/22 1:59 p.m. | 10 views

Malicious code in @openwebconcept/theme-owc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9da7f58491c9c4715c34da32da8f4a9d1519075412a9be534d19e6e07466e2 The package @openwebconcept/theme-owc was found to contain malicious code. Source: ghsa-malware...

AI score 5.7
Exploits: 0 | References: 1

OSV | added 2026/04/22 1:59 p.m. | 9 views

MAL-2026-2994 Malicious code in @openwebconcept/theme-owc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ba9da7f58491c9c4715c34da32da8f4a9d1519075412a9be534d19e6e07466e2 The package @openwebconcept/theme-owc was found to contain malicious code. Source: ghsa-malware...

AI score 5.7
Exploits: 0 | References: 1

Patchstack | added 2026/04/22 10:30 a.m. | 5 views

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions < 3.0.0...

AI score 5.3 | EPSS 0.00395
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/04/22 10:29 a.m. | 8 views

WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Kapee versions < 1.7.0...

AI score 5.3 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

Cvelist | added 2026/04/22 7:45 a.m. | 31 views

CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute

The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in all versions up to and including 1.0.8. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The ttttwitteetweeter...

CVSS 6.4 | EPSS 0.00288
Exploits: 0 | References: 5

Cvelist | added 2026/04/22 7:45 a.m. | 27 views

CVE-2026-4280 Breaking News WP <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Local File Inclusion/Read

The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3. This is due to the brnwpajaxform AJAX endpoint lacking both authorization checks and CSRF verification, combined with insufficient path validation when the brnwptheme option...

CVSS 6.5 | EPSS 0.00814
Exploits: 0 | References: 7

Positive Technologies | added 2026/04/22 12:00 a.m. | 8 views

PT-2026-34598

Name of the Vulnerable Software and Affected Versions: CI4MS Theme (affected versions not specified). Description: The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...

CVSS 9.4 | AI score 6.2 | EPSS 0.00484
Exploits: 0 | References: 6

GithubExploit | added 2026/04/21 11:50 p.m. | 126 views

Exploit for Injection in Ghost

This is a rework of the Repo by rootxran for this same CVE - htt...

CVSS 9.8 | AI score 5.8 | EPSS 0.00372
Exploits: 3

Snyk | added 2026/04/21 10:00 p.m. | 2 views

Embedded Malicious Code

Overview: @openwebconcept/theme-owc is a Default OpenWebconcept theme — emits OWC brand tokens scoped to the .theme-owc selector. Affected versions of this package are vulnerable to Embedded Malicious Code that injects a credential-harvesting script that runs via postinstall on every npm install. I...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Github Security Blog | added 2026/04/21 5:15 p.m. | 8 views

October CMS: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

Fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access but had editor.cmsassets or editor.tailorblueprints specifically withheld, an uncommon...

CVSS 3.3 | AI score 5.7 | EPSS 0.00144
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment | added 2026/04/21 4:19 p.m. | 2 views

CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

CVSS 3.3 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 1

Cvelist | added 2026/04/21 4:19 p.m. | 31 views

CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

CVSS 3.3 | EPSS 0.00144
Exploits: 0 | References: 1

Positive Technologies | added 2026/04/21 12:00 a.m. | 8 views

PT-2026-34005

Name of the Vulnerable Software and Affected Versions: October versions prior to 3.7.16; October versions prior to 4.1.16. Description: Fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This allows backend users who...

CVSS 3.3 | AI score 5.8 | EPSS 0.00144
Exploits: 0 | References: 9

Patchstack | added 2026/04/20 11:12 a.m. | 4 views

WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Valeska versions <= 1.2.2...

AI score 5.8 | EPSS 0.0025
Exploits: 0 | Affected Software: 1

Patchstack | added 2026/04/20 11:11 a.m. | 10 views

WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Behold versions <= 1.5...

AI score 5.8 | EPSS 0.0025
Exploits: 0 | Affected Software: 1
