PT-2025-27590 · WordPress · The Home Villas | Real Estate Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The Home Villas | Real Estate WordPress Theme versions up to, and including, 2.8
Description: The issue is related to insufficient file path validation in the wp rem cs widget file delete function, allowing authenticated attackers with...
WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Amwerk versions <= 1.2.0...
WordPress Classiera theme <= 4.0.34 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Theme Classiera versions <= 4.0.34...
WordPress Kossy - Minimalist eCommerce WordPress Theme Theme <= 1.45 is vulnerable to Local File Inclusion
Software: Kossy - Minimalist eCommerce WordPress Theme; Type: Theme; Vulnerable versions: <= 1.45; Fixed in: N/A; OWASP Top 10: A4: Insecure Design; Classification: Local File Inclusion; CVE: CVE-2025-52807; Patch priority: High; CVSS severity: High 8.1; PSID: 73d9e90a489c; Credits: Phat RiO ...
WordPress Alone Theme <= 7.8.2 is vulnerable to Arbitrary Code Execution
Software: Alone; Type: Theme; Vulnerable versions: <= 7.8.2; Fixed in: 7.8.5; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2025-52718; Patch priority: High; CVSS severity: High 7.2; PSID: 95e1c49b307c; Credits: Trương Hữu Phúc truonghuuphuc; Required privileg...
WordPress Houzez Theme <= 4.0.4 is vulnerable to Local File Inclusion
Software: Houzez; Type: Theme; Vulnerable versions: <= 4.0.4; Fixed in: 4.0.8; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-53198; Patch priority: High; CVSS severity: High 8.1; PSID: d9a95839ea4d; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress CouponXxL Theme <= 3.0.0 is vulnerable to PHP Object Injection
Software: CouponXxL; Type: Theme; Vulnerable versions: <= 3.0.0; Fixed in: 3.1.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52725; Patch priority: High; CVSS severity: High 9.8; PSID: 04cffe8dee73; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Networker Theme <= 1.2.0 is vulnerable to Local File Inclusion
Software: Networker; Type: Theme; Vulnerable versions: <= 1.2.0; Fixed in: 1.2.2; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-52723; Patch priority: High; CVSS severity: High 8.1; PSID: f2c06596e847; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Diza Theme <= 1.3.9 is vulnerable to Local File Inclusion
Software: Diza; Type: Theme; Vulnerable versions: <= 1.3.9; Fixed in: 1.3.11; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-52729; Patch priority: High; CVSS severity: High 8.1; PSID: 99cb58072740; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Home Villas Theme <= 2.8 is vulnerable to Arbitrary File Deletion
Software: Home Villas; Type: Theme; Vulnerable versions: <= 2.8; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2025-5014; Patch priority: High; CVSS severity: High 7.7; PSID: cba250cec63a; Credits: Thái An; Required privilege: Subscriber; Published...
CVE-2025-52811
Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through <= 1.3...
CVE-2024-12827
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the...
WordPress Constructor theme <= 1.6.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Sulabh Jain in WordPress Theme Constructor versions <= 1.6.5...
CVE-2025-53301 WordPress Theme Junkie Team Content plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Theme Junkie Theme Junkie Team Content theme-junkie-team-content allows DOM-Based XSS. This issue affects Theme Junkie Team Content: from n/a through <= 0.1.1...
CVE-2023-25998
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: from...
CVE-2025-24769 WordPress Zenny theme <= 1.7.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme Zenny bw-zenny allows PHP Local File Inclusion. This issue affects Zenny: from n/a through <= 1.7.5...
CVE-2025-28947 WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme mbstore allows PHP Local File Inclusion. This issue affects MBStore - Digital WooCommerce WordPress Theme: from n/a through ...
CVE-2025-28946 WordPress PrintXtore theme < 1.7.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in BZOTheme PrintXtore bw-printxtore allows PHP Local File Inclusion. This issue affects PrintXtore: from n/a through 1.7.8...