CVE-2025-32311
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuanticaLabs Pressroom pressroom allows Reflected XSS. This issue affects Pressroom: from n/a through <= 7.0...
CVE-2025-52807
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through <= 1.45...
CVE-2025-32311
CVE-2025-32311 affects the Pressroom – News Magazine WordPress Theme (vulnerable: n/a through 6.9). It is a Reflected XSS vulnerability caused by improper input neutralization during web page generation. Exploitation is possible via network access and requires user interaction; no patch is availa...
CVE-2025-32311 WordPress Pressroom theme <= 7.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuanticaLabs Pressroom pressroom allows Reflected XSS. This issue affects Pressroom: from n/a through <= 7.0...
CVE-2025-32311 WordPress Pressroom - News Magazine WordPress Theme theme <= 6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuanticaLabs Pressroom - News Magazine WordPress Theme allows Reflected XSS. This issue affects Pressroom - News Magazine WordPress Theme: from n/a through 6.9...
CVE-2025-52807 WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through <= 1.45...
CVE-2025-52807
CVE-2025-52807 affects the Kossy - Minimalist eCommerce WordPress Theme (
PT-2025-27937 · WordPress · Kossy - Minimalist Ecommerce Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Kossy - Minimalist eCommerce WordPress Theme versions 1.45 and earlier Description: The issue affects the Kossy - Minimalist eCommerce WordPress Theme due to improper control of filename for include/require statement in PHP program, allowing...
PT-2025-27909 · WordPress · Pressroom - News Magazine Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Pressroom - News Magazine WordPress Theme versions n/a through 6.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables...
WordPress RealHomes Theme <= 4.4.0 is vulnerable to Privilege Escalation
Software: RealHomes; Type: Theme; Vulnerable versions: <= 4.4.0; Fixed in: 4.4.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Privilege Escalation; CVE: CVE-2025-49867; Patch priority: High; CVSS severity: High 9.8; PSID: 9303a55298f9; Credits: Frank; Required privilege...
CVE-2024-13786 Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-13786
CVE-2024-13786 affects the WordPress Education Center theme (
CVE-2025-5014 Home Villas | Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion
The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wp_rem_cs_widget_file_delete' function in all versions up to, and including, 2.8. This makes it possible for authenticated attackers, with...
CVE-2025-5014
CVE-2025-5014 (Home Villas real estate WordPress theme) affects versions up to 2.8, with a vulnerability in the wp_rem_cs_widget_file_delete function that allows an authenticated attacker with Subscriber+ privileges to delete arbitrary files on the server due to insufficient file path validation....
WordPress Education Center Theme <= 3.6.10 is vulnerable to PHP Object Injection
Software: Education Center; Type: Theme; Vulnerable versions: <= 3.6.10; Fixed in: 3.6.11; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-13786; Patch priority: High; CVSS severity: High 9.8; PSID: 511daf731ac0; Credits: Lucio Sá; Required privilege...
PT-2025-27590 · WordPress · The Home Villas | Real Estate Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The Home Villas | Real Estate WordPress Theme versions up to, and including, 2.8 Description: The issue is related to insufficient file path validation in the wp_rem_cs_widget_file_delete function, allowing authenticated attackers with...
WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Amwerk versions <= 1.2.0...
WordPress Classiera theme <= 4.0.34 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Theme Classiera versions <= 4.0.34...