WordPress StreamVid theme < 6.8.6 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme StreamVid versions 6.8.6...

WordPress Molla theme < 1.5.19 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Molla versions 1.5.19...

CVE-2025-60233

CVE-2025-60233 affects WordPress Zuut theme

CVE-2026-27093 WordPress Tripgo theme < 1.5.6 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Tripgo tripgo allows PHP Local File Inclusion.This issue affects Tripgo: from n/a through 1.5.6...

EUVD-2026-13053

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3...

CVE-2026-27096

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3...

CVE-2026-27096 WordPress ColorFolio - Freelance Designer WordPress Theme theme <= 1.3 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3...

CVE-2026-27096

CVE-2026-27096 : Deserialization of Untrusted Data vulnerability in the BuddhaThemes ColorFolio - Freelance Designer WordPress Theme (ColorFolio) up to version 1.3, enabling Object Injection. The issue is described across multiple sources (NVD/Red Hat ENISA/CIRCL, CVE list, PatchStack) with a CVS...

CVE-2026-27096

Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3...

PT-2026-26248

🟠 CVE-2026-27096 - High Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer Word... https://t.co/HOIbh9qxFx https://t.co/LcmJdGrhq3...

PT-2026-26269

🚨 CVE-2025-60237: Wor... Unauthenticated PHP object injection in WordPress theme with 9.8 CVSS - trivial RCE chain waiting to happen. WordPressSec PHPObjectInjection RCE. https://t.co/JStJpfMGvo netsec vulnerability CVE sysadmin zeroday...

WordPress Jannah theme <= 7.6.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Ananda Dhakal Patchstack in WordPress Theme Jannah versions = 7.6.3...

CVE-2026-32487 WordPress Lawyer Landing Page theme <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through = 1.2.7...

CVE-2026-32487 WordPress Lawyer Landing Page theme <= 1.2.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page: from n/a through = 1.2.7...

CVE-2026-32438 WordPress VW School Education theme <= 1.4.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: from n/a through = 1.4.6...

CVE-2026-32436 WordPress VW Photography theme <= 1.3.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in vowelweb VW Photography vw-photography allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Photography: from n/a through = 1.3.8...

CVE-2026-32438

CVE-2026-32438 affects WordPress VW School Education theme ≤ 1.4.6 due to Missing Authorization and incorrectly configured access control security levels in vw-school-education. This prone configuration enables Broken Access Control, with impact limited to what the source documents state: unspeci...

CVE-2026-32388

CVE-2026-32388 concerns the WordPress GLB theme (linethemes) with versions &lt;= 1.2.2. The issue is described as a Missing Authorization (Broken Access Control) vulnerability due to incorrectly configured access control security levels. The provided documents state affected scope as GLB: from n/...

CVE-2026-32388 WordPress GLB theme <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in linethemes GLB glb allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GLB: from n/a through = 1.2.2...

CVE-2026-32379

CVE-2026-32379 is a Missing Authorization vulnerability in the WordPress plugin/theme set for the raratheme Rara Academic (rara-academic). Affected versions are reported as from n/a through