WordPress City Hostel Theme <= 1.2.3 is vulnerable to Local File Inclusion

Software City Hostel Type Theme Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 3b527ab49278 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Credit Card Experience Theme <= 1.2.15 is vulnerable to Local File Inclusion

Software Credit Card Experience Type Theme Vulnerable versions = 1.2.15 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 660aaadb7556 Credits Tran Nguyen Bao Khanh VCI - VNPT...

WordPress Translang Theme <= 1.1.16 is vulnerable to Local File Inclusion

Software Translang Type Theme Vulnerable versions = 1.1.16 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID f5cee4143f4e Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Travesia Theme <= 1.1.15 is vulnerable to Local File Inclusion

Software Travesia Type Theme Vulnerable versions = 1.1.15 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 68dec7b64a09 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Callie Britt Theme <= 1.2.3 is vulnerable to Local File Inclusion

Software Callie Britt Type Theme Vulnerable versions = 1.2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 14891aeee80a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...

WordPress Birdily | Travel Agency & Tour Booking WordPress Theme Theme <= 1.2.2 is vulnerable to Local File Inclusion

Software Birdily | Travel Agency & Tour Booking WordPress Theme Type Theme Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID d54eefcef883 Credits Tran...

WordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Aiden in WordPress Theme Scape versions = 1.5.13...

CVE-2025-8359

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...

CVE-2025-8359 AdForest <= 6.0.9 - Authentication Bypass to Admin

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...

CVE-2025-8359

CVE-2025-8359 affects the WordPress AdForest theme up to version 6.0.9. The issue is an Authentication Bypass caused by improper user identity verification during login, allowing unauthenticated attackers to log in as other users (including administrators). Public details confirm a high-severity ...

CVE-2025-7366

The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...

CVE-2025-7368

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

PT-2025-36348

Name of the Vulnerable Software and Affected Versions: REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to information exposure due to...

PT-2025-36349

Name of the Vulnerable Software and Affected Versions AdForest WordPress Theme versions prior to 6.1.0 Description The AdForest theme for WordPress is susceptible to an authentication bypass, allowing unauthorized user access. The theme does not properly verify a user’s identity before...

PT-2025-36347

Name of the Vulnerable Software and Affected Versions: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to arbitrary shortcode execution...

CVE-2025-58214 WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indutri: from n/a through 1.3.0...

CVE-2025-58628

CVE-2025-58628 refers to a SQL injection vulnerability in the WordPress theme Miraculous (versions before 2.0.9). The issue is caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Public writeups and vulnerability feeds confirm affected software as ...

CVE-2025-58813

CVE-2025-58813 concerns the WordPress Consultstreet Theme

WordPress Shk Corporate Theme <= 2.4.1.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Theme Shk Corporate versions = 2.4.1.1...

WordPress Consultstreet Theme <= 3.0.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Theme Consultstreet versions = 3.0.0...