Lucene search
+L

5814 matches found

Nuclei
Nuclei
added 9 hours ago72 views

All Thrive Themes and Plugins - Unauthenticated Option Update

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

5.3CVSS5.8AI score0.02076EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago57 views

WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting

WordPress Bello Directory & Listing theme before 1.6.0 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape the listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault,...

6.1CVSS5.8AI score0.10769EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago19 views

Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

9.1CVSS8.4AI score0.03946EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago24 views

Themes Coder Ecommerce <= 1.3.4 - SQL Injection

The Themes Coder Ecommerce WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-13726 info: name: Themes Coder Ecommerce = 1.3.4 - SQL...

8.6CVSS8.7AI score0.01931EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago83 views

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

6.1CVSS6.9AI score0.00972EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago53 views

WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting

WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter a search query. Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean...

6.1CVSS5.8AI score0.03611EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago40 views

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

WordPress themes including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4, Transcend = 1.1.8, Affluent = 1.1.0, Bonkers = 1.0.4, Antreas = 1.0.2, Sparkli...

9.8CVSS8.8AI score0.65342EPSS
Exploits1References7
Wordfence Blog
Wordfence Blog
added 3 days ago13 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 6, 2026 to July 12, 2026)

Last week, there were 267 vulnerabilities disclosed in 222 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 136 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

7AI score
Exploits0
NVD
NVD
added 3 days ago9 views

CVE-2026-15336

The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...

4.3CVSS0.0025EPSS
Exploits0References10
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44855

The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...

4.3CVSS6.1AI score0.0025EPSS
Exploits0References10
CVE
CVE
added 3 days ago9 views

CVE-2026-15336

The CVE describes a vulnerability in the Catch Themes Demo Import plugin for WordPress (versions up to and including 3.3). The root cause is in catch_themes_demo_import_activate_plugin(), which is hooked on admin_init when the activate_plugin parameter is present and calls Plugin_Upgrader::instal...

4.3CVSS6.1AI score0.0025EPSS
Exploits0References10
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-15336 Catch Themes Demo Import <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Single Plugin Installation via 'activate_plugin' Parameter

The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...

4.3CVSS0.0025EPSS
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago29 views

Malicious code in @cw-ui/asio-neon-themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcd2366d31cefc8f66861e0e65c782a88c46dc9232d11d463a9fa2869c73dcaa On npm install, postinstall.js reads os.hostname and embeds it as a query parameter in a plain-HTTP GET to a bare IPv4 address...

6.2AI score
Exploits0References2
OSV
OSV
added 5 days ago6 views

MAL-2026-10556 Malicious code in @cw-ui/asio-neon-themes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcd2366d31cefc8f66861e0e65c782a88c46dc9232d11d463a9fa2869c73dcaa On npm install, postinstall.js reads os.hostname and embeds it as a query parameter in a plain-HTTP GET to a bare IPv4 address...

6.2AI score
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-57800

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through = 1.5...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-57788

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Aalto aalto allows PHP Local File Inclusion.This issue affects Aalto: from n/a through = 1.8...

7.5CVSS0.00496EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-57802

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-57800 WordPress Overworld theme <= 1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Overworld overworld allows PHP Local File Inclusion.This issue affects Overworld: from n/a through = 1.5...

7.5CVSS0.00496EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-57766

Deserialization of Untrusted Data vulnerability in axiomthemes 777 triple-seven allows Object Injection.This issue affects 777: from n/a through = 1.13.0...

9.8CVSS6.1AI score0.00386EPSS
Exploits0References3
Wordfence Blog
Wordfence Blog
added 2026/07/09 3:39 p.m.14 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 29, 2026 to July 5, 2026)

Last week, there were 250 vulnerabilities disclosed in 181 WordPress Plugins and 41 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 101 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabiliti...

6.9AI score
Exploits0
Rows per page
Query Builder