PT-2025-29794 · WordPress · Invico
Name of the Vulnerable Software and Affected Versions: designthemes Invico - WordPress Consulting Business Theme versions through 1.9. Description: The software contains a cross-site scripting issue due to improper neutralization of input during web page generation. This allows for reflected...
WordPress plugin Visual Art | Gallery WordPress Theme code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
PT-2025-29792 · WordPress · Ofiz - Wordpress Business Consulting Theme
Name of the Vulnerable Software and Affected Versions: Ofiz - WordPress Business Consulting Theme versions through 2.0. Description: The software contains a cross-site scripting issue due to improper neutralization of input during web page generation. This allows for reflected cross-site scripting...
CVE-2025-5394
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-5393
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated...
EUVD-2025-21416
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-5394 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Upload via Plugin Installation
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers ...
CVE-2025-5394
CVE-2025-5394 (Alone – Charity WordPress Theme) Affected product: Alone – Charity Multipurpose Non-profit WordPress Theme (versions up to 7.8.3). Root cause: missing capability check in the function alone_import_pack_install_plugin(), allowing unauthenticated users to upload arbitrary ZIP files d...
CVE-2025-5393 Alone – Charity Multipurpose Non-profit WordPress Theme <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary File Deletion
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated...
CVE-2025-5393
The CVE-2025-5393 entry concerns Alone – Charity Multipurpose Non-profit WordPress Theme. Concrete details from connected docs show: versions up to and including 7.8.3 are affected by missing authorization leading to unauthenticated arbitrary file deletion via alone_import_pack_restore_data(), wi...
PT-2025-29536
Name of the Vulnerable Software and Affected Versions: Alone – Charity Multipurpose Non-profit WordPress Theme versions 7.8.3 and earlier. Description: The Alone WordPress theme contains a critical vulnerability that allows unauthenticated attackers to upload malicious files, potentially leading to...
WordPress Visual Art | Gallery WordPress Theme Theme <= 2.4 is vulnerable to PHP Object Injection
Software: Visual Art | Gallery WordPress Theme; Type: Theme; Vulnerable versions: <= 2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31422; Patch priority: High; CVSS severity: High 8.8; PSID: f75a5b9fac9b; Credits: Tran Nguyen Bao Khanh VC...
PT-2025-29535
Name of the Vulnerable Software and Affected Versions: Alone – Charity Multipurpose Non-profit WordPress Theme versions up to and including 7.8.3. Description: The Alone – Charity Multipurpose Non-profit WordPress Theme is vulnerable to arbitrary file deletion due to insufficient file path validatio...
WordPress Alone Theme <= 7.8.2 is vulnerable to Arbitrary File Deletion
Software: Alone; Type: Theme; Vulnerable versions: <= 7.8.2; Fixed in: 7.8.5; OWASP Top 10: A1: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2025-5393; Patch priority: High; CVSS severity: High 8.6; PSID: 5aa08c886c4e; Credits: Thái An; Required privilege: Unauthenticated...
CVE-2025-1313 Nokri - Job Board WordPress Theme <= 1.6.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover
The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it...
CVE-2025-1313
The CVE-2025-1313 entry concerns Nokri – Job Board WordPress Theme. Connected sources confirm a privilege escalation via account takeover vulnerability affecting versions
PT-2025-29296 · WordPress · The Nokri – Job Board Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Nokri - Job Board WordPress Theme versions prior to 1.6.4. Description: The Nokri - Job Board WordPress Theme is susceptible to privilege escalation, potentially leading to account takeover. The issue stems from insufficient validation of a...