WordPress The Restaurant Theme <= 1.4.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Restaurant versions <= 1.4.1...
WordPress Cars4Rent Theme <= 1.4.2 is vulnerable to PHP Object Injection
Software: Cars4Rent; Type: Theme; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49434; Patch priority: High; CVSS severity: High 9.8; PSID: 74545c19b3cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 is vulnerable to Deserialization of untrusted data
Software: Upking - Hiking Club WordPress Theme; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Deserialization of untrusted data; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High 9.8; PSID: 34c449a0330d; Credits: Tran Nguyen...
WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine Saga versions <= 1.2.7...
CVE-2025-9331
The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcomenoticeimporthandler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Tourimo theme <= 1.2.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tourimo versions <= 1.2.3...
CVE-2025-8592
The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiro_install_plugin function. This makes it possible for unauthenticated attackers to install plugins from the...
WordPress plugin WS Theme Addons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-49382
Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation. This issue affects JobZilla - Job Board WordPress Theme: from n/a through <= 2.0...
PT-2025-34340 · WordPress · Spacious
Name of the Vulnerable Software and Affected Versions: Spacious theme for WordPress versions prior to 1.9.12 Description: The Spacious theme for WordPress is susceptible to unauthorized data modification due to the absence of a capability check within the welcome notice import handler function...
WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine versions <= 1.2.2...
CVE-2025-6758
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imicagentregister' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticate...
CVE-2025-8592
CVE-2025-8592 affects the Inspiro WordPress theme (versions up to 2.1.2). It is a Cross-Site Request Forgery defect due to missing/incorrect nonce validation in inspiro_install_plugin(), enabling unauthenticated attackers to trigger plugin installations via forged requests if a site admin clicks ...
PT-2025-34189
Name of the Vulnerable Software and Affected Versions: Inspiro theme for WordPress versions prior to 2.1.3 Description: The Inspiro theme for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the inspiro install plugin function. This allows...
WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sala versions <= 1.1.6...
CVE-2025-49382
CVE-2025-49382 refers to a Cross-Site Request Forgery (CSRF) vulnerability in the DexignZone JobZilla - Job Board WordPress Theme (versions up to 2.0). The issue enables privilege escalation and affects unauthenticated users, per Patchstack and CVE entries. The vulnerability stems from CSRF prote...
WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JobZilla - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: 2.0.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-49382; Patch priority: Low; CVSS severity: Low 8.8; PSID: 33cb80ce3eab; Credi...
WordPress Houzez Theme <= 4.1.1 is vulnerable to Broken Access Control
Software: Houzez; Type: Theme; Vulnerable versions: <= 4.1.1; Fixed in: 4.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-49406; Patch priority: Low; CVSS severity: Low 5.3; PSID: 920f9b9106ce; Credits: Rafie Muhammad Patchstack; Required...
PT-2025-33933 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: DexignZone JobZilla - Job Board WordPress Theme versions n/a through 2.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in DexignZone JobZilla - Job Board WordPress Theme, potentially leading to privilege escalation...