CVE-2026-39625

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...

CVE-2026-39716 WordPress Flipmart theme <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through = 2.8...

CVE-2026-39714 WordPress G5Plus April theme <= 6.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through = 6.8...

CVE-2026-39714 WordPress G5Plus April theme <= 6.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G5Plus April: from n/a through = 6.8...

CVE-2026-39716

CVE-2026-39716 concerns CKThemes Flipmart WordPress theme (versions through 2.8) with a Missing Authorization/Broken Access Control vulnerability due to incorrectly configured access control security levels. The issue affects Flipmart up to and including 2.8; the documented remediation is to upgr...

CVE-2026-39716 WordPress Flipmart theme <= 2.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through = 2.8...

CVE-2026-39714

CVE-2026-39714 describes a Missing Authorization (broken access control) vulnerability in G5Theme G5Plus April for WordPress, affecting versions up to 6.8. The root cause is misconfigured access control enabling unauthorized access (no privileges, no user interaction required) over network. The C...

CVE-2026-39710 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

CVE-2026-39711

Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

CVE-2026-39710

Cross-Site Request Forgery CSRF vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

CVE-2026-39711

CVE-2026-39711 affects WordPress RT-Theme 18 | Extensions (rt18-extensions) up to version 2.5. The issue arises from the insertion of sensitive information into sent data, enabling retrieval of embedded sensitive data. Affected component: RT-Theme 18 | Extensions. Root cause: improper handling le...

CVE-2026-39711 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

CVE-2026-39711 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

CVE-2026-39710 WordPress RT-Theme 18 | Extensions plugin <= 2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions allows Cross Site Request Forgery.This issue affects RT-Theme 18 | Extensions: from n/a through = 2.5...

CVE-2026-39710

CVE-2026-39710 affects WordPress RT-Theme 18 | Extensions (rt18-extensions) up to version 2.5. The issue is a CSRF vulnerability that could allow actions on behalf of authenticated users. The root cause and affected component are described across multiple feeds; the primary fix recommended is upd...

CVE-2026-39684 WordPress OrganicFood theme <= 3.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnTheme OrganicFood organicfood allows PHP Local File Inclusion.This issue affects OrganicFood: from n/a through = 3.6.4...

CVE-2026-39684

CVE-2026-39684 affects the WordPress OrganicFood theme (versions up to and including 3.6.4). The issue is described as an improper control of the filename for include/require statements in PHP, effectively a PHP Local File Inclusion vulnerability with characteristics of a Remote File Inclusion cl...

CVE-2026-39681 WordPress Homeo theme <= 1.2.59 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Homeo homeo allows PHP Local File Inclusion.This issue affects Homeo: from n/a through = 1.2.59...

CVE-2026-39677 WordPress Emphires theme <= 3.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through = 3.9...

CVE-2026-39679

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...