CVE-2025-48089
CVE-2025-48089 is an SQL Injection vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy (histudy) affecting Education WordPress Theme | HiStudy versions from n/a through
CVE-2025-39467
CVE-2025-39467 describes a Path Traversal (PHP Local File Inclusion) vulnerability in the WordPress Wanderland theme (Mikado-Themes Wanderland). Affected: Wanderland versions up to 1.7.1. Root cause: unsanitized path traversal allowing LFI. Impact: potential PHP local file inclusion; severity hig...
CVE-2025-39466
CVE-2025-39466 is a Local File Inclusion vulnerability in the WordPress theme Dør (Mikado-Themes) ≤ 2.4 caused by improper filename handling in PHP include/require. This allows local file inclusion. The issue is fixed in 2.4.1; users should upgrade to 2.4.1 or later. The CVSS 3.1 base score is 8....
PT-2025-45203
Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...
PT-2025-45202
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...
PT-2025-45272
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion. This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through <= 1.5.2...
PT-2025-45271
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion. This issue affects Saxon - Viral Content Blog & Magazine Marketing...
WordPress plugin Education WordPress Theme | HiStudy SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP- and MySQL-based servers. WordPress plugin is an application plugin. WordPress plugin Educati...
EUVD-2025-37431
The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-6988
CVE-2025-6988 affects the WordPress KALLYAS theme. The vulnerability is a stored cross-site scripting (XSS) in the KALLYAS theme via several shortcodes, exploitable on versions
CVE-2025-5397
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the checklogin function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers...
PT-2025-44720
Name of the Vulnerable Software and Affected Versions: kallyas versions prior to 4.23.1. Description: The kallyas theme for WordPress is susceptible to Stored Cross-Site Scripting through multiple shortcodes. Insufficient input sanitization and output escaping on user-supplied attributes allows...
CVE-2025-10897
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...
CVE-2025-5397 Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the checklogin function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers...
CVE-2025-5397
The CVE-2025-5397 entry concerns the WordPress Noo JobMonster theme. Affected versions up to 4.8.1 contain an Authentication Bypass due to the check_login() function not properly verifying user identity before authentication, allowing unauthenticated attackers to bypass login and access administr...
EUVD-2025-37307
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the checklogin function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers...
CVE-2025-64286 WordPress WP Rentals theme <= 3.13.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross Site Request Forgery. This issue affects WP Rentals: from n/a through <= 3.13.1...
CVE-2025-64194 WordPress Eduma theme <= 5.7.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress Eduma eduma allows Stored XSS. This issue affects Eduma: from n/a through <= 5.7.6...
CVE-2025-10737
The Open Source Genesis Framework theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...
CVE-2025-11897
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘the7fancytitlecss’ parameter in all versions up to, and including, 12.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...