WordPress Compass Theme <= 1.1.4 is vulnerable to Sensitive Data Exposure
Software: Compass; Type: Theme; Vulnerable versions: <= 1.1.4; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low (5.8); PSID: 702f7ac34caf; Credits: Legion Hunter; Required privilege...
WordPress Poloray Theme <= 1.3.2 is vulnerable to Sensitive Data Exposure
Software: Poloray; Type: Theme; Vulnerable versions: <= 1.3.2; Fixed in: N/A; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2025-59003; Patch priority: Low; CVSS severity: Low (5.8); PSID: 5bedfaf94c3f; Credits: Legion Hunter; Required privilege...
CVE-2025-10134
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...
WordPress Jobify - Job Board WordPress Theme Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)
Software: Jobify - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 1.4.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2025-8318; Patch priority: Low; CVSS severity: Low (6.5); PSID: edb43386dd8c; Credits: Muhammad...
CVE-2025-9113
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-9112
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccuretempfileuploader' function in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to...
CVE-2025-7718
The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email...
WordPress XStore theme < 9.6.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme XStore versions < 9.6.1...
WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme XStore versions < 9.6.1...
PT-2025-37042
Name of the Vulnerable Software and Affected Versions: Resideo Plugin for Resideo - Real Estate WordPress Theme versions prior to 2.5.5 Description: The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is susceptible to privilege escalation via account takeover. The...
CVE-2025-47579 WordPress Photography theme <= 7.5.2 - Unauthenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2...
CVE-2025-47579
CVE-2025-47579 is a WordPress Photography Theme vulnerability (ThemePhotography/Photography) characterized by unauthenticated deserialization of untrusted data, leading to a PHP Object Injection condition. Affected versions are Photography up to 7.5.2. The issue is unauthenticated and impacts the...
CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion
The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...
PT-2025-36678
Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme versions through 3.2.2 Description: The Goza - Nonprofit Charity WordPress Theme is susceptible to arbitrary file deletion due to inadequate file path validation within the alone import pack restore da...
CVE-2025-9114
The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...
CVE-2025-9113
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-9113
CVE-2025-9113 concerns the Doccure WordPress theme. The vulnerability is an unauthenticated arbitrary file upload due to missing file-type validation in the doccure_temp_upload_to_media function, affecting all versions up to and including 1.4.8. Consequence: potential remote code execution on the...
CVE-2025-9113 Doccure Core <= 1.5.3 - Unauthenticated Arbitrary File Upload
The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2025-9113 Doccure <= 1.4.8 - Unauthenticated Arbitrary File Upload
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
WordPress ShoppyStore theme <= 3.7.16 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds (Patchstack Alliance) in WordPress Theme ShoppyStore versions <= 3.7.16...