2135 matches found
EUVD-2025-206256
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data. This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0...
CVE-2025-31051
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data. This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0...
CVE-2025-31051 WordPress Plant - Gardening & Houseplants WordPress Theme <= 1.0.0 - Sensitive Data Exposure Vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data. This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0...
PT-2026-1514
Name of the Vulnerable Software and Affected Versions: EngoTheme Plant - Gardening & Houseplants WordPress Theme versions through 1.0.0. Description: A flaw exists in EngoTheme Plant - Gardening & Houseplants WordPress Theme that could allow for the retrieval of embedded sensitive data. This issue...
WordPress Phlox plugin <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability discovered by Webbernaut in WordPress Theme Phlox versions <= 2.17.7...
WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability
Software: Gecko; Type: Theme; Vulnerable versions: <= 1.9.8; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE ID: CVE-2025-69080; Patchstack priority: High; CVSS severity: 8.1; Required privilege: Unauthenticated; Developer: Claim ownership; PSID: 0d458b5a65e6; Credits: Tran...
WordPress Black Rider theme <= 1.2.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Theme Black Rider versions <= 1.2.3...
CVE-2025-62991 WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thinkupthemes Minamaze minamaze allows Stored XSS. This issue affects Minamaze: from n/a through <= 1.10.1...
WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability
Software: Minamaze; Type: Theme; Vulnerable versions: <= 1.10.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE ID: CVE-2025-62991; Patchstack priority: Low; CVSS severity: 6.5; Required privilege: Contributor; Developer: Claim ownership; PSID: 8aa231bb7ea9; Credits:...
WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Theme Minamaze versions <= 1.10.1...
CVE-2025-68987
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion. This issue affects Cinerama: from n/a through <= 2.9...
WordPress Sound | Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability
Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Sound | Musical Instruments Online Store versions <= 1.6.9...
WordPress Golo theme <= 1.7.0 - Authentication Bypass to Account Takeover vulnerability
Authentication Bypass to Account Takeover vulnerability discovered by Foxyyy in WordPress Theme Golo versions <= 1.7.0...
EUVD-2025-205749
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers cinerama allows PHP Local File Inclusion. This issue affects Cinerama - A WordPress Theme for Movie Studi...
WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability
WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability discovered by Bonds in WordPress Theme Electrician - Electrical Service WordPress versions <= 5.6...
CVE-2025-68987
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion. This issue affects Cinerama: from n/a through <= 2.9...
CVE-2025-68987 WordPress Cinerama theme <= 2.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion. This issue affects Cinerama: from n/a through <= 2.9...
CVE-2025-68983 WordPress Greenmart theme <= 4.2.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Greenmart greenmart allows PHP Local File Inclusion. This issue affects Greenmart: from n/a through <= 4.2.11...
CVE-2025-68987
CVE-2025-68987 is tied to the WordPress theme Cinerama, described as an authenticated local file inclusion (LFI) vulnerability. The Wordfence entry specifies Cinerama
PT-2025-53876
Name of the Vulnerable Software and Affected Versions: Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers versions through 2.4. Description: The software contains a PHP Local File Inclusion issue due to improper control of filename for include/require statements. This allows f...