19013 matches found
CVE-2026-39679
CVE-2026-39679 is a local file inclusion (LFI) in the WordPress Freeio/ApusTheme Freeio plugin/theme. Affected: Freeio versions up to and including 1.3.21 (and related Freeio/Freeio themes referenced in Red Hat/EUVD records and CVE listings). Root cause: improper control of filenames for include/...
CVE-2026-39679 WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39677
The CVE describes a PHP Local File Inclusion in the WordPress Emphires theme (Creatives_Planet Emphires) versions up to 3.9, caused by improper control of filename for include/require statements (PHP Remote File Inclusion). Affects Emphires
CVE-2026-39679 WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39649 WordPress Royale News theme <= 2.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through = 2.2.4...
CVE-2026-39649
The CVE-2026-39649 entry concerns the WordPress Royale News theme ( Royale News) version
CVE-2026-39649 WordPress Royale News theme <= 2.2.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royale News: from n/a through = 2.2.4...
CVE-2026-39648
CVE-2026-39648 affects the WordPress Cream Blog theme (Cream Blog) up to version 2.1.7. The issue is a Missing/Incorrectly Configured Access Control vulnerability (Missing Authorization) that allows bypassing normal authorization checks. Documents consistently describe a broken access control vul...
CVE-2026-39648 WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through = 2.1.7...
CVE-2026-39648 WordPress Cream Blog theme <= 2.1.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Blog: from n/a through = 2.1.7...
CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...
CVE-2026-39641
The CVE-2026-39641 entry concerns a Cross-Site Request Forgery (CSRF) vulnerability affecting Skywarrior Blackfyre (WordPress) theme blackfyre up to version 2.5.4. Public descriptions across NVD, Red Hat, EUVD, CVE records, and related feeds consistently state that this CSRF issue affects Blackfy...
CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...
CVE-2026-39640
CVE-2026-39640 is a high-severity CSRF vulnerability in the WordPress Theme Editor plugin (Theme Editor) affecting versions from unspecified up to and including 3.2. The issue allows code injection/remote code execution and is rated critical (CVSS 3.1: 9.6; network attack vector, low complexity, ...
CVE-2026-39640 WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability
Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...
CVE-2026-39640
Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...
CVE-2026-39640 WordPress Theme Editor plugin <= 3.2 - Cross Site Request Forgery (CSRF) to Remote Code Execution vulnerability
Cross-Site Request Forgery CSRF vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through = 3.2...
CVE-2026-39637 WordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through = 1.2.3...
CVE-2026-39637
CVE-2026-39637 is associated with the WordPress Mogi theme (
CVE-2026-39637 WordPress Mogi theme <= 1.2.3 - Arbitrary Shortcode Execution vulnerability
Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mogi: from n/a through = 1.2.3...