Lucene search

2135 matches found

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-54110

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00685
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-32387

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 6.6 | EPSS 0.00279
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-27297

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 8.8 | EPSS 0.00517
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-48464

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.5 | EPSS 0.00659
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/03 11:17 a.m., 2 views

CVE-2025-9194 Constructor <= 1.6.5 - Missing Authorization to Authenticated (Subscriber+) Theme Clean

The Constructor theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clean function in all versions up to, and including, 1.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a them...

CVSS 4.3 | AI score 4.8 | EPSS 0.00178
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/03 12:00 a.m., 3 views

PT-2025-40485

Name of the Vulnerable Software and Affected Versions: Constructor theme for WordPress versions prior to 1.6.6. Description: The Constructor theme for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the clean function. Authenticated...

CVSS 4.3 | AI score 6.1 | EPSS 0.00178
Exploits: 0 | References: 5

Vulnrichment
added 2025/09/26 8:31 a.m., 3 views

CVE-2025-60100 WordPress XStore theme < 9.6 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in 8theme XStore xstore allows Code Injection. This issue affects XStore: from n/a through 9.6...

CVSS 5.3 | AI score 5.9 | EPSS 0.00266
Exploits: 0 | References: 1

Cvelist
added 2025/09/26 6:43 a.m., 7 views

CVE-2025-10137 Snow Monkey <= 29.1.5 - Unauthenticated Blind Server-Side Request Forgery

The Snow Monkey theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 29.1.5 via the request function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...

CVSS 5.4 | EPSS 0.00252
Exploits: 0 | References: 5

Patchstack
added 2025/09/23 12:13 p.m., 3 views

WordPress DentiCare Theme < 1.4.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme DentiCare versions < 1.4.3...

CVSS 9.8 | AI score 7.2 | EPSS 0.00375
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/09/22 6:45 p.m., 3 views

WordPress Nokri Theme <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nokri versions <= 1.6.4...

CVSS 7.1 | AI score 6.9 | EPSS 0.00135
Exploits: 0 | Affected Software: 1

CVE
added 2025/09/22 6:23 p.m., 13 views

CVE-2025-58244

CVE-2025-58244 (Constructo) is a CSRF-related vulnerability in the Constructo WordPress theme that, per the provided documents, allows object injection. Affected versions of Constructo range up to 4.3.9. The CVE description and related references (including Wordfence summaries) confirm ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 1

Cvelist
added 2025/09/22 6:23 p.m., 10 views

CVE-2025-58259 WordPress Nokri Theme <= 1.6.4 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in scriptsbundle Nokri nokri allows Cross Site Request Forgery. This issue affects Nokri: from n/a through <= 1.6.4...

CVSS 7.1 | EPSS 0.00135
Exploits: 0 | References: 1

CVE
added 2025/09/22 6:22 p.m., 10 views

CVE-2025-58668

CVE-2025-58668 is a Missing Authorization vulnerability affecting WPLMS (WordPress-based Learning Management System). The CVE entry states impact on WPLMS versions up to 4.970, with a high-severity exposure. The available metrics indicate a network-exposed flaw with no required privileges, and no...

CVSS 9.8 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/09/22 12:00 a.m., 4 views

WordPress CouponXxL Theme <= 4.5.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: CouponXxL; Type: Theme; Vulnerable versions: <= 4.5.0; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-58013; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 7ea2a224d874; Credits: Bonds; Required privilege...

CVSS 8.8 | AI score 5.9 | EPSS 0.00159
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/09/19 2:27 a.m., 23 views

CVE-2025-10690

The Goza - Nonprofit Charity WordPress Theme is affected (versions

CVSS 9.8 | AI score 6.7 | EPSS 0.00703
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/19 12:00 a.m., 8 views

PT-2025-38501

Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme versions prior to and including 3.2.2. Description: The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the beplus import...

CVSS 9.8 | AI score 8.2 | EPSS 0.47809
Exploits: 3 | References: 8

NVD
added 2025/09/17 12:15 p.m., 1 view

CVE-2025-8999

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

CVSS 5.3 | EPSS 0.00262
Exploits: 0 | References: 5

Cvelist
added 2025/09/17 11:25 a.m., 8 views

CVE-2025-8999 Sydney <= 2.56 - Missing Authorization to Authenticated (Subscriber+) Limited Theme Options Update

The Sydney theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodules' function in all versions up to, and including, 2.56. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate...

CVSS 5.3 | EPSS 0.00262
Exploits: 0 | References: 5

Patchstack
added 2025/09/12 1:12 p.m., 3 views

WordPress Logtik theme <= 2.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Logtik versions <= 2.3...

CVSS 7.1 | AI score 6.1 | EPSS 0.00191
Exploits: 0 | Affected Software: 1

Patchstack
added 2025/09/12 12:00 a.m., 3 views

WordPress Themia Lite Theme <= 1.5.0 is vulnerable to Sensitive Data Exposure

Software: Themia Lite; Type: Theme; Vulnerable versions: <= 1.5.0; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low 5.8; Developer: Claim ownership; PSID: 9716909e2868; Credits: Legion Hunter; Required privilege...

AI score 5.9 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 1