Lucene search

2135 matches found

ATTACKERKB
added 2026/01/22 4:52 p.m., 3 views

CVE-2025-69004

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion. This issue affects Bajaar - Highly Customizable WooCommerce WordPress...

CVSS 8.1, AI score 5.4, EPSS 0.00403
Exploits: 0, References: 2
Cvelist
added 2026/01/22 4:52 p.m., 18 views

CVE-2025-68908 WordPress Barberry theme <= 2.9.9.87 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in temash Barberry barberry allows PHP Local File Inclusion. This issue affects Barberry: from n/a through <= 2.9.9.87...

CVSS 8.1, EPSS 0.00433
Exploits: 0, References: 1
Cvelist
added 2026/01/22 4:52 p.m., 19 views

CVE-2025-68901 WordPress Anona theme <= 8.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AivahThemes Anona anona allows Path Traversal. This issue affects Anona: from n/a through <= 8.0...

CVSS 8.6, EPSS 0.00458
Exploits: 0, References: 1
Cvelist
added 2026/01/22 4:52 p.m., 20 views

CVE-2025-68902 WordPress Anona theme <= 8.0 - Arbitrary File Download vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in AivahThemes Anona anona allows Path Traversal. This issue affects Anona: from n/a through <= 8.0...

CVSS 7.5, EPSS 0.00447
Exploits: 0, References: 1
Cvelist
added 2026/01/22 4:52 p.m., 16 views

CVE-2025-68538 WordPress Craft | Coffee Shop Cafe Restaurant WordPress theme <= 2.3.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Craft craftcoffee allows DOM-Based XSS. This issue affects Craft: from n/a through <= 2.3.6...

CVSS 7.1, EPSS 0.00222
Exploits: 0, References: 1
CVE
added 2026/01/22 4:51 p.m., 8 views

CVE-2025-67946

CVE-2025-67946 affects the WordPress theme AdForest (AdForest: <= 6.0.11). The issue is described as an improper control of the filename for include/require, leading to a Local File Inclusion (LFI) vulnerability (initial description mentions a PHP Remote File Inclusion context but the observab...

CVSS 8.1, AI score 5.5, EPSS 0.00504
Exploits: 0, References: 1
Cvelist
added 2026/01/22 4:51 p.m., 16 views

CVE-2025-67946 WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion. This issue affects AdForest: from n/a through <= 6.0.11...

CVSS 8.1, EPSS 0.00504
Exploits: 0, References: 1
CVE
added 2026/01/22 4:51 p.m., 9 views

CVE-2025-67941

CVE-2025-67941 refers to a Local File Inclusion in WordPress theme The Aisle by Elated-Themes, caused by improper control of filename for include/require statements in PHP. Affects The Aisle versions prior to 2.9.1. Impact is local file inclusion via PHP, enabling access to local files. Public ad...

CVSS 8.1, AI score 5.5, EPSS 0.00504
Exploits: 0, References: 1
Cvelist
added 2026/01/22 4:51 p.m., 16 views

CVE-2025-67619 WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Kids Heaven kids-world allows Object Injection. This issue affects Kids Heaven: from n/a through <= 3.2...

CVSS 8.8, EPSS 0.00503
Exploits: 0, References: 1
CVE
added 2026/01/22 4:51 p.m., 8 views

CVE-2025-67616

CVE-2025-67616 corresponds to a Local File Inclusion (LFI) vulnerability in the WordPress Mella theme (Mella

CVSS 8.1, AI score 5.5, EPSS 0.00541
Exploits: 0, References: 1
Cvelist
added 2026/01/22 4:51 p.m., 15 views

CVE-2025-67614 WordPress TheNa theme <= 1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree TheNa thena allows Reflected XSS. This issue affects TheNa: from n/a through <= 1.5.5...

CVSS 7.1, EPSS 0.00244
Exploits: 0, References: 1
Vulnrichment
added 2026/01/22 4:51 p.m., 1 views

CVE-2025-67614 WordPress TheNa theme <= 1.5.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree TheNa thena allows Reflected XSS. This issue affects TheNa: from n/a through <= 1.5.5...

CVSS 7.1, AI score 5.9, EPSS 0.00244
Exploits: 0, References: 1
Vulnrichment
added 2026/01/22 4:51 p.m., 1 views

CVE-2025-67616 WordPress Mella theme <= 1.2.29 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29...

CVSS 8.1, AI score 5.9, EPSS 0.00541
Exploits: 0, References: 1
Cvelist
added 2026/01/22 4:51 p.m., 17 views

CVE-2025-67616 WordPress Mella theme <= 1.2.29 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Mella mella allows PHP Local File Inclusion. This issue affects Mella: from n/a through <= 1.2.29...

CVSS 8.1, EPSS 0.00541
Exploits: 0, References: 1
CVE
added 2026/01/22 4:51 p.m., 7 views

CVE-2025-62056

CVE-2025-62056 concerns the WordPress theme News Event (blazethemes) where an Unrestricted Upload of File with Dangerous Type exists in the News Event component. Affected versions are News Event: from n/a through <= 1.0.1, with a reported CVSS v3.1 base score of 9.9 (CRITICAL) and network atta...

CVSS 9.9, AI score 5.4, EPSS 0.00483
Exploits: 0, References: 1
Vulnrichment
added 2026/01/22 4:51 p.m., 2 views

CVE-2025-62056 WordPress News Event theme <= 1.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event. This issue affects News Event: from n/a through <= 1.0.1...

CVSS 9.9, AI score 5.9, EPSS 0.00483
Exploits: 0, References: 1
CVE
added 2026/01/22 4:51 p.m., 6 views

CVE-2025-50006

CVE-2025-50006 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress theme/collection item Jthemes xSmart (xsmart), affecting versions up to and including 1.2.9.4. The issue arises from improper handling/neutralization of user-supplied input during web page generation, enabli...

CVSS 7.1, AI score 5.4, EPSS 0.0023
Exploits: 0, References: 1
Positive Technologies
added 2026/01/22 12:0 a.m., 4 views

PT-2026-4121

Name of the Vulnerable Software and Affected Versions: XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme versions through 2.1.0. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusio...

AI score 5.3, EPSS 0.00403
Exploits: 0, References: 3
Patchstack
added 2026/01/18 12:51 p.m., 4 views

WordPress Sober theme <= 3.5.12 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Sober versions <= 3.5.12...

CVSS 4.3, AI score 5.4, EPSS 0.00152
Exploits: 0, Affected Software: 1
Patchstack
added 2026/01/16 9:51 a.m., 2 views

WordPress The Aisle theme < 2.9.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Aisle versions < 2.9.1...

CVSS 8.1, AI score 7, EPSS 0.00504
Exploits: 0, Affected Software: 1