2135 matches found
CVE-2026-22432 WordPress Woopy theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion. This issue affects Woopy: from n/a through <= 1.2...
CVE-2026-22427
CVE-2026-22427 describes a Local File Inclusion vulnerability in Mikado-Themes GoTravel WordPress theme (GoTravel) versions up to 2.1, caused by improper control of the filename in PHP include/require. Public records (NVD/Red Hat/CVE feeds) confirm the issue and rate it high (CVSS v3.1 base score...
CVE-2026-22415 WordPress The Mounty theme <= 1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Mounty the-mounty allows PHP Local File Inclusion. This issue affects The Mounty: from n/a through <= 1.1...
CVE-2025-69339 WordPress Molla theme <= 1.5.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Molla molla allows PHP Local File Inclusion. This issue affects Molla: from n/a through <= 1.5.16...
CVE-2025-68554
CVE-2025-68554 affects the Keenarch WordPress theme (versions before 2.0.1). It is an Unrestricted Upload of File with Dangerous Type vulnerability, enabling arbitrary file uploads via Keenarch's upload handling. Wordfence notes multiple WordPress vulnerability entries and lists Keenarch as patch...
PT-2026-23230
Name of the Vulnerable Software and Affected Versions: AncoraThemes Consultor WordPress Theme versions through 1.2.4. Description: The AncoraThemes Consultor WordPress Theme contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusio...
PT-2026-23226
Name of the Vulnerable Software and Affected Versions: axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme versions through 1.2.5. Description: The axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme contains a flaw related to improper...
PT-2026-23231
Name of the Vulnerable Software and Affected Versions: AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme versions prior to 1.1. Description: The AncoraThemes Chronicle WordPress theme contains a flaw related to improper control of filenames used in include/require statements,...
PT-2026-23233
Name of the Vulnerable Software and Affected Versions: AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme versions through 1.0.2. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion...
PT-2026-23324
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion. This issue affects Healer - Doctor, Clinic & Medical WordPress Theme: from n/a...
PT-2026-23234
Name of the Vulnerable Software and Affected Versions: AncoraThemes Apollo | Night Club, DJ Event WordPress Theme versions through 1.3.1. Description: The AncoraThemes Apollo | Night Club, DJ Event WordPress Theme contains a flaw related to improper control of filename for include/require statements...
PT-2026-23224
Name of the Vulnerable Software and Affected Versions: AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme versions through 1.1.2. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion...
WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability
WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Au Pair Agency - Babysitting & Nanny Theme versions <= 1.2.2...
WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme versions <= 1.2.5...
WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cookiteer versions <= 1.4.8...
WordPress Askka theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Askka versions <= 1.0...
WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme TheBi versions <= 1.0.5...
WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lendiz versions < 2.0.1...
Exploit for CVE-2025-39459
Nuclei Template for CVE-2025-39459. Overview: This repo...
CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `blocksy_meta` metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...