CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2135 matches found

EUVD•added 3 hours ago•3 views

EUVD-2025-210254

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS5.1AI score

Exploits0References2

EUVD•added 3 hours ago•6 views

EUVD-2025-210259

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS5.3AI score

Exploits0References2

NVD•added 8 hours ago•3 views

CVE-2025-69130

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS

Exploits0References1

NVD•added 8 hours ago•2 views

CVE-2025-69115

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS

Exploits0References1

Cvelist•added 8 hours ago•4 views

CVE-2025-69128 WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...

8.6CVSS

Exploits0References1

Cvelist•added 9 hours ago•3 views

CVE-2025-69115 WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS

Exploits0References1

Cvelist•added 11 hours ago•6 views

CVE-2024-34810 WordPress Skyline WP theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10...

4.3CVSS

Exploits0References1

CVE•added 12 hours ago•7 views

CVE-2026-42380

CVE-2026-42380 covers the WordPress AI Lab theme prior to version 5.4.2, which is vulnerable to unauthenticated PHP Object Injection. The Patchstack entry and CVE records indicate the vulnerability is fixed in 5.4.2. Impact is high (remote, unauthenticated) per the CVSS vector: Network, None priv...

9.8CVSS5.3AI score

Exploits0References1

Cvelist•added 12 hours ago•4 views

CVE-2026-40749 WordPress Charity Zone theme <= 1.1.1 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Charity Zone = 1.1.1 versions...

9.9CVSS

Exploits0References1

CVE•added 12 hours ago•4 views

CVE-2026-40749

The CVE covers the WordPress Charity Zone theme (versions <= 1.1.1) with a Subscriber Arbitrary File Upload vulnerability. The underlying issue enables arbitrary files to be uploaded due to insecure handling in Charity Zone

9.9CVSS5.2AI score

Exploits0References1

Cvelist•added 12 hours ago•3 views

CVE-2026-40748 WordPress Kids Gift Shop theme <= 0.5.4 - Arbitrary File Upload vulnerability

Subscriber Arbitrary File Upload in Kids Gift Shop = 0.5.4 versions...

9.9CVSS

Exploits0References1

Cvelist•added 12 hours ago•3 views

CVE-2026-40731 WordPress ChapterOne theme <= 1.7 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in ChapterOne = 1.7 versions...

8.1CVSS

Exploits0References1

Cvelist•added 12 hours ago•4 views

CVE-2026-40723 WordPress Bricks Builder theme <= 2.1.4 - Broken Access Control vulnerability

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3CVSS

Exploits0References1

Cvelist•added 12 hours ago•3 views

CVE-2025-69110 WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in AirSupply = 2.0.0 versions...

8.1CVSS

Exploits0References1

CVE•added 12 hours ago•10 views

CVE-2024-49269

CVE-2024-49269 affects the WordPress theme my flatonica <= 0.0.8, with unauthenticated reflected XSS. Affected versions are

7.1CVSS5.1AI score

Exploits0References1

Nuclei•added 17 hours ago•104 views

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS5.9AI score0.02697EPSS

Exploits2References4

Nuclei•added 17 hours ago•15 views

mTheme Unus < 2.3 - Directory Traversal

The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let attackers access arbitrary files. This was possible by exploiting the files parameter in css/css.php with .. sequences. id: CVE-2015-9406 info: name: mTheme Unus 2.3 - Directory Traversal...

7.5CVSS7.9AI score0.55008EPSS

Exploits1References4

Nuclei•added 17 hours ago•35 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS8.8AI score0.02163EPSS

Exploits0References4

Cvelist•added yesterday•8 views

CVE-2026-40761 WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valeska = 1.2.2 versions...

8.1CVSS

Exploits0References1

Cvelist•added yesterday•6 views

CVE-2026-40754 WordPress Roisin theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Roisin = 1.4 versions...

8.1CVSS

Exploits0References1