2135 matches found
CVE-2023-32238 WordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerability
Vulnerability in CodexThemes TheGem Elementor, CodexThemes TheGem WPBakery.This issue affects TheGem Elementor: from n/a before 5.8.1.1; TheGem WPBakery: from n/a before 5.8.1.1...
WordPress Zota theme <= 1.3.14 - Local File Inclusion vulnerability
Software : Zota Type : Theme Vulnerable versions : = 1.3.14 Fixed in : 1.3.15 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-68537 Patchstack priority : Low CVSS severity : 7.5 Required privilege : Contributor Developer : Claim ownership PSID : 058fe19104cc...
CVE-2025-64376 WordPress ListingPro theme < 2.9.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CridioStudio ListingPro listingpro allows Reflected XSS.This issue affects ListingPro: from n/a through 2.9.10...
CVE-2025-64205
CVE-2025-64205 affects WordPress Jannah theme versions up to and including 7.6.0. The issue is an improper control of filename for include/require, enabling PHP Local File Inclusion (LFI). The CVSS 3.1 base score is 8.2 (HIGH) with network attack vector, low attack complexity, no privileges requi...
CVE-2025-64188 WordPress Soledad theme <= 8.6.9 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through = 8.6.9...
CVE-2025-63039
CVE-2025-63039 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress ListingPro theme (ListingPro: ≤2.9.9). Red Hat and ENISA records corroborate the issue affecting ListingPro versions up to 2.9.9 due to incorrectly configured access control security level...
CVE-2025-60056 WordPress Winger theme <= 1.0.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Winger winger allows PHP Local File Inclusion.This issue affects Winger: from n/a through = 1.0.16...
CVE-2025-59134 WordPress Sale! Immigration law, Visa services support, Migration Agent Consulting theme <= 1.5.8 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through = 1.5.8...
CVE-2025-58943 WordPress Agricola theme <= 1.1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Agricola agricola allows PHP Local File Inclusion.This issue affects Agricola: from n/a through = 1.1.0...
CVE-2025-58931
The CVE-2025-58931 entry corresponds to a Local File Inclusion in the WordPress Palatio theme (versions up to 1.6). Affected component: Palatio PHP code; root cause: improper control of filename for include/require statements, enabling PHP Local File Inclusion. Impact: potential disclosure or man...
CVE-2025-58931 WordPress Palatio theme <= 1.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Palatio palatio allows PHP Local File Inclusion.This issue affects Palatio: from n/a through = 1.6...
CVE-2025-58935 WordPress Lunna theme <= 1.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Lunna lunna allows PHP Local File Inclusion.This issue affects Lunna: from n/a through = 1.15...
CVE-2025-58894 WordPress Good Mood theme <= 1.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through = 1.16...
CVE-2025-58893 WordPress Alright theme <= 1.6.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through = 1.6.1...
CVE-2025-58891 WordPress Sanger theme <= 1.24.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Sanger sanger allows PHP Local File Inclusion.This issue affects Sanger: from n/a through = 1.24.0...
CVE-2025-58890 WordPress Playful theme <= 1.19.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Playful playful allows PHP Local File Inclusion.This issue affects Playful: from n/a through = 1.19.0...
CVE-2025-58888 WordPress The Flash theme <= 1.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Flash theflash allows PHP Local File Inclusion.This issue affects The Flash: from n/a through = 1.15...
CVE-2025-58706
CVE-2025-58706 affects the WordPress Woo Hoo theme (axiomthemes Woo Hoo) up to version 1.25. The vulnerability is a Local File Inclusion caused by improper control of filenames for include/require statements (PHP Remote File Inclusion type). Impacted product/file: Woo Hoo theme
CVE-2025-58708 WordPress 777 theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes 777 triple-seven allows PHP Local File Inclusion.This issue affects 777: from n/a through = 1.3...
CVE-2025-58708 WordPress 777 theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes 777 triple-seven allows PHP Local File Inclusion.This issue affects 777: from n/a through = 1.3...