2135 matches found
CVE-2026-22382 WordPress PawFriends - Pet Shop and Veterinary WordPress Theme theme <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through = 1.3...
CVE-2026-22382
CVE-2026-22382: CSRF vulnerability in Mikado-Themes PawFriends – Pet Shop and Veterinary WordPress Theme (pawfriends), affected versions from n/a to
CVE-2025-69321 WordPress Grand Spa theme <= 3.5.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Spa grandspa allows Reflected XSS.This issue affects Grand Spa: from n/a through = 3.5.5...
CVE-2025-69100 WordPress North theme <= 5.7.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through = 5.7.5...
CVE-2025-69079 WordPress Sound | Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Sound | Musical Instruments Online Store musicplace allows Object Injection.This issue affects Sound | Musical Instruments Online Store: from n/a through = 1.6.9...
CVE-2025-69079 WordPress Sound | Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Sound | Musical Instruments Online Store musicplace allows Object Injection.This issue affects Sound | Musical Instruments Online Store: from n/a through = 1.6.9...
CVE-2025-69076
CVE-2025-69076 concerns the WordPress/AncoraThemes Modern Housewife theme up to version 1.0.12, with an Unauthenticated Local File Inclusion due to Improper Filename Control in PHP Include/Require. The vulnerability allows local file inclusion via PHP Include/Require statements; current reference...
CVE-2025-69074 WordPress Pearson Specter theme <= 1.11.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.This issue affects Pearson Specter: from n/a through = 1.11.3...
CVE-2025-69074
CVE-2025-69074 describes an Unauthenticated Local File Inclusion (LFI) in the WordPress theme Pearson Specter by AncoraThemes, affecting Pearson Specter versions up to and including 1.11.3. The vulnerability arises from improper filename control for PHP include/require, enabling an attacker to di...
CVE-2025-69065 WordPress Snow Mountain theme <= 1.4.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion.This issue affects Snow Mountain: from n/a through = 1.4.3...
CVE-2025-69064 WordPress Pets Land theme <= 1.2.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Pets Land petsland allows PHP Local File Inclusion.This issue affects Pets Land: from n/a through = 1.2.8...
CVE-2025-69061 WordPress MoveMe theme <= 1.2.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes MoveMe moveme allows PHP Local File Inclusion.This issue affects MoveMe: from n/a through = 1.2.15...
CVE-2025-69057 WordPress Eldon theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Eldon eldon allows PHP Local File Inclusion.This issue affects Eldon: from n/a through = 1.0...
CVE-2025-69058 WordPress PartyMaker theme <= 1.1.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes PartyMaker partymaker allows PHP Local File Inclusion.This issue affects PartyMaker: from n/a through = 1.1.15...
CVE-2025-69051
CVE-2025-69051 is a confirmed Reflected XSS in ListingPro Reviews (CridioStudio ListingPro Reviews plugin). Affected: ListingPro Reviews versions from n/a up to and including 1.7. Root cause per description: improper neutralization of input during web page generation. Connected sources list Refle...
CVE-2025-69039 WordPress Bailly theme <= 1.3.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Bailly bailly allows PHP Local File Inclusion.This issue affects Bailly: from n/a through = 1.3.4...
CVE-2025-69004 WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...
CVE-2025-69005 WordPress Search & Go theme <= 2.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Search & Go search-and-go allows PHP Local File Inclusion.This issue affects Search & Go: from n/a through = 2.8...
CVE-2025-69004 WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion.This issue affects Bajaar - Highly Customizable WooCommerce WordPress...
CVE-2025-69004
The CVE-2025-69004 entry relates to XpeedStudio Bajaar (WordPress theme) versions up to and including 2.1.0, with an Improper Filename for Include/Require Statement vulnerability that enables PHP Local File Inclusion. It is listed as a high-severity issue (CVSS 3.1: 8.1, network attack vector, no...