CVE-2026-25352 WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through 1.5.9...

CVE-2026-25350

CVE-2026-25350 is a Reflected XSS vulnerability in the Miti WordPress theme (Miti miti) affecting versions

CVE-2026-25340 WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

CVE-2026-25031 WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in parkofideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through 1.27...

CVE-2026-25031

The CVE-2026-25031 advisory describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Tasty Daily by park_of_ideas. Concrete details across connected sources show that the issue is an Object Injection vulnerability in Tasty Daily tastydaily prior to version 1.27, caused b...

CVE-2026-25029 WordPress KIDZ theme <= 5.24 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in parkofideas KIDZ kidz allows Object Injection.This issue affects KIDZ: from n/a through = 5.24...

CVE-2026-22513

CVE-2026-22513 corresponds to a Local File Inclusion in the WordPress Triompher theme (Triompher) up to version 1.1.0, caused by improper control of filenames used in PHP include/require. The vulnerability allows inclusion of local files via the theme’s PHP code; exploitation details and risk spe...

CVE-2026-22508 WordPress Dentalux theme <= 3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through = 3.3...

CVE-2026-22509 WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...

CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

CVE-2026-22502

CVE-2026-22502 (WordPress Mr. Cobbler theme

CVE-2026-22496 WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through = 1.2.10...

WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Miti versions 1.5.3...

WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme Trendustry versions = 1.1.4...

WordPress StreamVid theme < 6.8.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme StreamVid versions 6.8.6...

WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Molla versions 1.5.19...

CVE-2025-60233

CVE-2025-60233 affects WordPress Zuut theme

CVE-2026-27093 WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through 1.5.6...

EUVD-2026-13053

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3...