
2135 matches found

Cvelist
added 2025/12/18 7:21 a.m. | 21 views

CVE-2025-53443 WordPress Smash theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Smash smash allows PHP Local File Inclusion. This issue affects Smash: from n/a through <= 1.7...

CVSS 8.1 | EPSS 0.00415
Exploits: 0 | References: 1
CVE
added 2025/12/18 7:21 a.m. | 10 views

CVE-2025-53442

CVE-2025-53442 concerns the WordPress Rentic theme (versions through 1.1) with an improper control of filenames for include/require statements, enabling PHP Local File Inclusion. The affected component is the Rentic WordPress theme; root cause is filename handling in PHP include/require logic. Th...

CVSS 8.1 | AI score 6.7 | EPSS 0.00445
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/18 7:21 a.m. | 17 views

CVE-2025-53437 WordPress Greenorganic theme <= 2.45 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Greenorganic greenorganic allows PHP Local File Inclusion. This issue affects Greenorganic: from n/a through <= 2.45...

CVSS 8.1 | EPSS 0.00415
Exploits: 0 | References: 1
CVE
added 2025/12/18 7:21 a.m. | 9 views

CVE-2025-52768

CVE-2025-52768 concerns the WordPress Faith & Hope theme (

CVSS 8.1 | AI score 6.7 | EPSS 0.00445
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 7:21 a.m. | 1 views

CVE-2025-49941 WordPress GlamChic theme <= 1.0.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes GlamChic glamchic allows PHP Local File Inclusion. This issue affects GlamChic: from n/a through <= 1.0.11...

CVSS 8.1 | AI score 5.5 | EPSS 0.00415
Exploits: 0 | References: 1
Cvelist
added 2025/12/18 7:21 a.m. | 19 views

CVE-2025-52745 WordPress Farm Agrico theme <= 1.3.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Farm Agrico farmagrico allows PHP Local File Inclusion. This issue affects Farm Agrico: from n/a through <= 1.3.11...

CVSS 8.1 | EPSS 0.00445
Exploits: 0 | References: 1
Cvelist
added 2025/12/18 7:21 a.m. | 21 views

CVE-2025-49943 WordPress Femme theme <= 1.3.11 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Femme femme allows PHP Local File Inclusion. This issue affects Femme: from n/a through <= 1.3.11...

CVSS 8.1 | EPSS 0.00415
Exploits: 0 | References: 1
CVE
added 2025/12/18 7:21 a.m. | 9 views

CVE-2025-49370

CVE-2025-49370 affects the WordPress Lymcoin theme (AncoraThemes) up to version 1.3.12. The issue is an improper control of filenames for include/require statements, enabling PHP Local File Inclusion (LFI). Affected scope includes Lymcoin versions through 1.3.12; this vulnerability is categorized...

CVSS 8.1 | AI score 6.7 | EPSS 0.00445
Exploits: 0 | References: 1
Cvelist
added 2025/12/18 7:21 a.m. | 26 views

CVE-2025-49364 WordPress Ludos Paradise theme <= 2.1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Ludos Paradise ludos-paradise allows PHP Local File Inclusion. This issue affects Ludos Paradise: from n/a through <= 2.1.3...

CVSS 8.1 | EPSS 0.00415
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 7:21 a.m. | 2 views

CVE-2025-49365 WordPress Jack Well theme <= 1.0.14 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Jack Well jack-well allows PHP Local File Inclusion. This issue affects Jack Well: from n/a through <= 1.0.14...

CVSS 8.1 | AI score 6.7 | EPSS 0.00415
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/18 7:21 a.m. | 2 views

CVE-2025-49363 WordPress Kings & Queens theme <= 1.1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Kings & Queens kings-queens allows PHP Local File Inclusion. This issue affects Kings & Queens: from n/a through <= 1.1.16...

CVSS 8.1 | AI score 6.7 | EPSS 0.00557
Exploits: 0 | References: 1
Cvelist
added 2025/12/18 7:21 a.m. | 20 views

CVE-2025-49359 WordPress ShieldGroup theme <= 2.13 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes ShieldGroup shieldgroup allows PHP Local File Inclusion. This issue affects ShieldGroup: from n/a through <= 2.13...

CVSS 8.1 | EPSS 0.00519
Exploits: 0 | References: 1
EUVD
added 2025/12/16 9:31 a.m. | 2 views

EUVD-2025-203549

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion. This issue affects MinimogWP: from n/a through <= 3.9.6...

CVSS 7.5 | AI score 6.6 | EPSS 0.00306
Exploits: 0 | References: 2
Cvelist
added 2025/12/16 8:13 a.m. | 30 views

CVE-2025-68062 WordPress MinimogWP theme <= 3.9.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion. This issue affects MinimogWP: from n/a through <= 3.9.6...

CVSS 7.5 | EPSS 0.00306
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/14 5:3 a.m. | 3 views

CVE-2025-11164

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVSS 4.3 | AI score 5.1 | EPSS 0.00158
Exploits: 0 | References: 1
NVD
added 2025/12/13 4:16 p.m. | 11 views

CVE-2025-7058

The Kingcabs theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | EPSS 0.00181
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/13 6:57 a.m. | 4 views

CVE-2025-10684

The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF checks when activating via an AJAX action, allowing any authenticated user, such as a subscriber, to activate arbitrary...

CVSS 4.3 | AI score 6.9 | EPSS 0.00102
Exploits: 0 | References: 1
Cvelist
added 2025/12/13 4:31 a.m. | 20 views

CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVSS 4.3 | EPSS 0.00158
Exploits: 0 | References: 2
Vulnrichment
added 2025/12/13 4:31 a.m. | 2 views

CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVSS 4.3 | AI score 4.8 | EPSS 0.00158
Exploits: 0 | References: 2
CVE
added 2025/12/13 4:31 a.m. | 11 views

CVE-2025-7058

CVE-2025-7058 affects the WordPress theme Kingcabs. The vulnerability is a Stored Cross‑Site Scripting (XSS) in the progressbarLayout parameter present in versions up to 1.1.9. Exploitation requires authenticated access at Contributor level or higher; an attacker can inject scripts that execute ...

CVSS 6.4 | AI score 4.8 | EPSS 0.00181
Exploits: 0 | References: 3