17 matches found
EUVD-2020-24146
Malware in sbrugna...
EUVD-2020-23992
Malware in sbrugna...
EUVD-2024-47010
Malicious code in bioql PyPI...
EUVD-2025-10392
Malicious code in bioql PyPI...
EUVD-2022-24736
Malicious code in bioql PyPI...
WordPress MediCenter - Health Medical Clinic Theme <= 15.1 is vulnerable to PHP Object Injection
Software MediCenter - Health Medical Clinic Type Theme Vulnerable versions = 15.1 Fixed in 15.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-54014 Patch priority High CVSS severity High 9.8 Developer EPC PSID b489f4cff59c Credits Aiden Required privilege...
CVE-2025-5393
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated...
WordPress Houzez Theme <= 4.0.4 is vulnerable to Broken Access Control
Software Houzez Type Theme Vulnerable versions = 4.0.4 Fixed in 4.1.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53997 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d8d88cb889a1 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Hestia Theme <= 3.2.10 is vulnerable to Broken Access Control
Software Hestia Type Theme Vulnerable versions = 3.2.10 Fixed in 3.2.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53986 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 41f2dbfe1ff2 Credits Martino Spagnuolo r3verii Required...
WordPress Sala Theme <= 1.1.3 is vulnerable to Broken Access Control
Software Sala Type Theme Vulnerable versions = 1.1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-52803 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 485a6b36a4e6 Credits Thái An Required privilege Unauthenticate...
PT-2025-27070 · WordPress · Dwt - Directory & Listing Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.6 Description: The issue allows for privilege escalation via account takeover due to improper checking of an empty token value prior to resetting a user's passwo...
CVE-2025-39494 WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion.This issue affects Wilmër: from n/a through 3.4.2...
WordPress Finance Consultant Theme <= 2.8 is vulnerable to PHP Object Injection
Software Finance Consultant Type Theme Vulnerable versions = 2.8 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32293 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID f21e6a47c3bc Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
CVE-2024-13790
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
CVE-2024-12810
CVE-2024-12810 applies to the JobCareer WordPress Theme (
CVE-2024-13797 PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution
The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...
PT-2021-16022 · WordPress · Workreap
Name of the Vulnerable Software and Affected Versions: Workreap WordPress theme versions prior to 2.2.2 Description: The issue allows an attacker to trick a logged-in user into submitting a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site...