2135 matches found

CVE
added 2025/09/05 6:0 a.m. | 15 views

CVE-2025-8944

CVE-2025-8944 affects the OceanWP WordPress theme prior to 4.1.2. A missing capability check in an AJAX request handler allows any authenticated user (e.g., a subscriber) to update the darkMod setting. The issue is rooted in insufficient access control within the theme’s option update flow. Remed...

CVSS 4.3 | AI score 6 | EPSS 0.00211
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2025/09/05 4:15 a.m. | 2 views

CVE-2025-8684

The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

CVSS 6.4 | EPSS 0.0018
Exploits: 0 | References: 2
Patchstack
added 2025/09/05 12:0 a.m. | 2 views

WordPress SoftMe Theme <= 1.1.24 is vulnerable to Broken Access Control

Software: SoftMe; Type: Theme; Vulnerable versions: <= 1.1.24; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-58817; Patch priority: Low; CVSS severity: Low 4.3; PSID: 73da99fa2c92; Credits: Martino Spagnuolo r3verii; Required...

CVSS 4.3 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/09/04 2:34 p.m. | 3 views

WordPress Farm Agrico theme <= 1.3.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Farm Agrico versions <= 1.3.11...

CVSS 8.1 | AI score 7.1 | EPSS 0.00445
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/09/04 2:29 p.m. | 3 views

WordPress Exit Game theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Exit Game versions <= 1.4.3...

CVSS 8.1 | AI score 7.1 | EPSS 0.00415
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/09/04 2:22 p.m. | 3 views

WordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme EasyEat versions <= 1.9.0...

CVSS 9.8 | AI score 7.1 | EPSS 0.00416
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/09/04 1:43 p.m. | 6 views

WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Barber Shop versions <= 1.9...

AI score 7.3 | EPSS 0.00426
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/09/03 3:6 p.m. | 5 views

WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Theme SaasLauncher versions <= 1.3.0...

CVSS 5 | AI score 6.9 | EPSS 0.0022
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/09/02 12:42 p.m. | 3 views

WordPress Rentic theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Rentic versions <= 1.1...

CVSS 8.1 | AI score 7 | EPSS 0.00445
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/09/01 5:58 p.m. | 7 views

WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Miraculous versions < 2.0.9...

CVSS 9.3 | AI score 8 | EPSS 0.00288
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/08/30 10:45 p.m. | 4 views

WordPress Ziston Theme < 1.4.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Ziston versions < 1.4.5...

CVSS 8.1 | AI score 6.9 | EPSS 0.00393
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2025/08/28 12:37 p.m. | 1 views

CVE-2025-54724 WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1...

CVSS 7.1 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/28 12:37 p.m. | 1 views

CVE-2025-54716 WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5...

CVSS 8.1 | AI score 6.6 | EPSS 0.00393
Exploits: 0 | References: 1
Cvelist
added 2025/08/28 12:37 p.m. | 9 views

CVE-2025-53227 WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Magazine Saga magazine-saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through <= 1.2.7...

CVSS 8.1 | EPSS 0.00393
Exploits: 0 | References: 1
Patchstack
added 2025/08/27 7:57 a.m. | 4 views

WordPress Pin WP theme < 7.2 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Pin WP versions < 7.2...

CVSS 9.9 | AI score 6.9 | EPSS 0.00307
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-4049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in...

CVSS 3.5 | AI score 6.6 | EPSS 0.02805
Exploits: 0 | References: 2
Patchstack
added 2025/08/27 12:0 a.m. | 6 views

WordPress Pin WP Theme < 7.2 is vulnerable to Arbitrary File Upload

Software: Pin WP; Type: Theme; Vulnerable versions: < 7.2; Fixed in: 7.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-53251; Patch priority: High; CVSS severity: High 9.9; PSID: 85f8a3209836; Credits: Bonds; Required privilege: Subscriber; Published: 27 August...

CVSS 9.9 | AI score 7.2 | EPSS 0.00307
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2025/08/26 6:9 p.m. | 4 views

WordPress Park - Creative Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability

WordPress Park - Creative Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Park - Creative Portfolio WordPress Theme versions <= 1.6...

CVSS 8.2 | AI score 7.1 | EPSS 0.00357
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/08/26 6:8 p.m. | 3 views

WordPress Seppo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability

WordPress Seppo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Seppo - Corporate One Page WordPress Theme versions <= 1.4...

CVSS 8.2 | AI score 6.8 | EPSS 0.00357
Exploits: 0 | Affected Software: 1
Patchstack
added 2025/08/26 12:43 p.m. | 3 views

WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 - Deserialization of untrusted data Vulnerability

WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 - Deserialization of untrusted data Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Upking - Hiking Club WordPress Theme versions <= 1.4...

CVSS 9.8 | AI score 6.9 | EPSS 0.00503
Exploits: 0 | Affected Software: 1