CVE-2026-39628

CVE-2026-39628 affects the WordPress DukaMarket theme (kutethemes)

CVE-2026-39625 WordPress TechOne theme <= 3.0.3 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...

CVE-2026-39625 WordPress TechOne theme <= 3.0.3 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes TechOne techone allows Code Injection.This issue affects TechOne: from n/a through = 3.0.3...

CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

CVE-2026-39628 WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through = 1.3.0...

CVE-2026-39627

CVE-2026-39627 is associated with the WordPress theme Ashe (vulnerable up to version 2.266). The issue is described as a Missing Authorization vulnerability caused by “Exploiting Incorrectly Configured Access Control Security Levels,” enabling access control bypass. Affected product/component: Wo...

CVE-2026-39622 WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through = 3.0.8...

CVE-2026-39623

CVE-2026-39623 concerns the WordPress Biolife theme (kutethemes Biolife) with an improper control of the filename in PHP include/require, resulting in a PHP Local File Inclusion vulnerability (LFI) that is described as a PHP Remote File Inclusion issue in some sources. Affected product: Biolife t...

CVE-2026-39623 WordPress Biolife theme <= 3.2.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in kutethemes Biolife biolife allows PHP Local File Inclusion.This issue affects Biolife: from n/a through = 3.2.3...

CVE-2026-39622

The CVE-2026-39622 entry describes a Missing Authorization vulnerability in the acmethemes Education Base WordPress theme (education-base) affecting versions up to and including 3.0.8. The root cause is Incorrectly Configured Access Control Security Levels, enabling unauthorized access due to bro...

CVE-2026-39621 WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...

CVE-2026-39622 WordPress Education Base theme <= 3.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Base: from n/a through = 3.0.8...

CVE-2026-39620

CVE-2026-39620 is a CSRF vulnerability in the WordPress Appointment theme (

CVE-2026-39619

Summary: CVE-2026-39619 affects the WordPress Busiprof theme (

CVE-2026-39617 WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...

CVE-2026-39619 WordPress Busiprof theme <= 2.5.2 - Cross Site Request Forgery (CSRF) to Arbitrary File Upload vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

CVE-2026-39618 WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through = 7.1...

CVE-2026-39618 WordPress NewsExo theme <= 7.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This issue affects NewsExo: from n/a through = 7.1...

CVE-2026-39618

CVE-2026-39618 affects the WordPress NewsExo theme (themlerile) up to version 7.1. The issue is a Cross-Site Request Forgery (CSRF) vulnerability in NewsExo newsexo that could allow an attacker to induce a user to perform unwanted actions. The available connected sources confirm the vulnerability...

CVE-2026-39617 WordPress Bluestreet theme <= 1.7.3 - Cross Site Request Forgery (CSRF) to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forgery.This issue affects Bluestreet: from n/a through = 1.7.3...