18998 matches found
CVE-2026-5070
The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...
PT-2026-33254
The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the gallery template. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2026-40737
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...
CVE-2026-40737
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...
CVE-2026-1555
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...
CVE-2025-15470
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akdrequiredplugincallback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2026-1555
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...
CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...
CVE-2026-1555 WebStack <= 1.2024 - Unauthenticated Arbitrary File Upload
The WebStack theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ioimgupload function in all versions up to, and including, 1.2024. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which...
CVE-2026-1555
The WebStack WordPress theme is vulnerable to unauthenticated arbitrary file upload via the io_img_upload() function in all versions up to 1.2024. This allows attackers with no authentication to upload arbitrary files to the server, with the potential for remote code execution. Affected product: ...
PT-2026-32996
Name of the Vulnerable Software and Affected Versions WebStack versions prior to 1.2025 Description The WebStack theme for WordPress allows unauthenticated attackers to upload arbitrary files to the server. This is caused by a lack of file type validation within the io img upload function, which...
PT-2026-33043
Name of the Vulnerable Software and Affected Versions VillaTheme COMPE versions prior to 1.1.5 Description An authorization bypass exists due to a user-controlled key, which allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version...
CVE-2025-15470
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akdrequiredplugincallback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2025-15470
The CVE describes an arbitrary directory deletion vulnerability in the Eleganzo WordPress theme (versions
CVE-2025-15470 Eleganzo <= 1.2 - Authenticated (Subscriber+) Arbitrary Directory Deletion
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akdrequiredplugincallback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2026-39640
Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...
CVE-2026-39679
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
PT-2026-32991
The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd required plugin callback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2026-39711
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...
CVE-2026-39649
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through = 2.2.4...