2157 matches found
WordPress Cook&Meal; Theme <= 1.2.3 is vulnerable to Local File Inclusion
Software Cook&Meal Type Theme Vulnerable versions = 1.2.3 Fixed in 1.2.4 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48149 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID ab26fb7dc392 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Appzend theme <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via progressbarLayout Parameter vulnerability discovered by Peter Thaleikis in WordPress Theme Appzend versions = 1.2.6...
CVE-2025-6989
The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
WordPress MinimogWP Theme <= 3.9.0 is vulnerable to Content Injection
Software MinimogWP Type Theme Vulnerable versions = 3.9.0 Fixed in 3.9.1 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-8198 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID d80fff95e821 Credits Valatty Required privilege Unauthenticated Published ...
WordPress News Magazine X Theme <= 1.2.35 is vulnerable to Local File Inclusion
Software News Magazine X Type Theme Vulnerable versions = 1.2.35 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-24766 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID b88166b6f805 Credits LVT-tholv2k Required privilege...
WordPress KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Theme <= 4.21.0 is vulnerable to Arbitrary File Deletion
Software KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Type Theme Vulnerable versions = 4.21.0 Fixed in 4.22.0 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2025-6989 Patch priority Medium CVSS severity Medium 8.1 Developer EPC PSID fbbebe81e3b7 Credits...
WordPress MediCenter - Health Medical Clinic Theme <= 15.1 is vulnerable to PHP Object Injection
Software MediCenter - Health Medical Clinic Type Theme Vulnerable versions = 15.1 Fixed in 15.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-54014 Patch priority High CVSS severity High 9.8 Developer EPC PSID b489f4cff59c Credits Aiden Required privilege...
WordPress Platform Theme < 1.4.4 is vulnerable to Broken Access Control
Software Platform Type Theme Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2015-10143 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04b827207d59 Credits Marc-Alexandre Montpas Required...
CVE-2025-5529 Educenter <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Educenter theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Circle Counter Block in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2015-10143
The CVE-2015-10143 entry concerns the Platform theme for WordPress prior to version 1.4.4, where a missing capability check in the _ajax_save_options() function allows unauthenticated modification of options. Affects the Platform theme (WordPress Platform) and enables updating arbitrary site opti...
WordPress Cena Store Theme <= 2.11.26 is vulnerable to Local File Inclusion
Software Cena Store Type Theme Vulnerable versions = 2.11.26 Fixed in 2.11.27 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-48171 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 349bfe1912dd Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Theme <= 4.21.0 is vulnerable to Local File Inclusion
Software KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme Type Theme Vulnerable versions = 4.21.0 Fixed in 4.22.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-6991 Patch priority Low CVSS severity Low 7.5 Developer EPC PSID 34bd1e68ee25 Credits stealthcopt...
WordPress Educenter Theme <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Educenter Type Theme Vulnerable versions = 1.6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2025-5529 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8465b696cfd2 Credits Peter Thaleikis Required privileg...
WordPress Jobmonster Theme <= 4.7.8 is vulnerable to Cross Site Scripting (XSS)
Software Jobmonster Type Theme Vulnerable versions = 4.7.8 Fixed in 4.7.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-53201 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 24486db3ae4e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
CVE-2025-6222
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'cedrnxorderexchangeattachfiles' function in all versions up to, and including, 3.2.6. This...
CVE-2025-31072
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes Ofiz - WordPress Business Consulting Theme ofiz allows Reflected XSS.This issue affects Ofiz - WordPress Business Consulting Theme: from n/a through = 2.0...
CVE-2025-5393
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated...
CVE-2025-5394
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the aloneimportpackinstallplugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Theme Builder For Elementor versions = 1.2.3...
CVE-2025-31422
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through = 2.4...