CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2108 matches found

Cvelist•added 2025/06/27 11:52 a.m.•13 views

CVE-2025-31067 WordPress Seven Stars theme <= 1.4.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themeton Seven Stars allows Stored XSS. This issue affects Seven Stars: from n/a through 1.4.4...

7.1CVSS0.00185EPSS

Exploits0References1

CVE•added 2025/06/27 11:52 a.m.•14 views

CVE-2025-49883

CVE-2025-49883 affects Greenmart WordPress Theme (versions

8.1CVSS5.9AI score0.00547EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•1 views

CVE-2025-52723 WordPress Networker theme <= 1.2.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in codesupplyco Networker networker allows PHP Local File Inclusion.This issue affects Networker: from n/a through = 1.2.0...

8.1CVSS5.9AI score0.00547EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•2 views

CVE-2025-52729 WordPress Diza theme <= 1.3.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through 1.3.9...

8.1CVSS6.8AI score0.00547EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•9 views

CVE-2025-52799 WordPress LMS theme <= 9.2 - Reflected Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes LMS lms allows Reflected XSS.This issue affects LMS: from n/a through = 9.2...

7.1CVSS0.00185EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•3 views

CVE-2025-52811 WordPress Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Local File Inclusion Vulnerability

Path Traversal vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme allows PHP Local File Inclusion. This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through 1.3...

8.1CVSS6.7AI score0.00257EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•9 views

CVE-2025-52810 WordPress Katerio - Magazine theme <= 1.5.1 - Local File Inclusion Vulnerability

Path Traversal vulnerability in TMRW-studio Katerio - Magazine allows PHP Local File Inclusion. This issue affects Katerio - Magazine: from n/a through 1.5.1...

8.1CVSS0.00257EPSS

Exploits0References1

CVE•added 2025/06/27 11:52 a.m.•17 views

CVE-2025-52811

CVE-2025-52811 is a Path Traversal (Local File Inclusion) vulnerability affecting Davenport - Versatile Blog and Magazine WordPress Theme versions up to 1.3. The CVE entry reports unauthenticated LFI that could enable an attacker to access local files. The issue is rated high: CVSS 3.1 v3 metrics...

8.1CVSS5.9AI score0.00257EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•10 views

CVE-2025-52811 WordPress Davenport - Versatile Blog and Magazine WordPress Theme <= 1.3 - Local File Inclusion Vulnerability

Path Traversal: '.../...//' vulnerability in Creanncy Davenport - Versatile Blog and Magazine WordPress Theme davenport allows PHP Local File Inclusion.This issue affects Davenport - Versatile Blog and Magazine WordPress Theme: from n/a through = 1.3...

8.1CVSS0.00257EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•2 views

CVE-2025-52812 WordPress Domnoo theme <= 1.49 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusWP Domnoo allows PHP Local File Inclusion. This issue affects Domnoo: from n/a through 1.49...

8.1CVSS6.8AI score0.00547EPSS

Exploits0References1

Cvelist•added 2025/06/27 11:52 a.m.•9 views

CVE-2025-52815 WordPress CityGov theme <= 1.9 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CityGov citygov allows PHP Local File Inclusion.This issue affects CityGov: from n/a through = 1.9...

8.1CVSS0.00547EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•1 views

CVE-2025-52815 WordPress CityGov theme <= 1.9 - Local File Inclusion Vulnerability

8.1CVSS5.3AI score0.00547EPSS

Exploits0References1

Vulnrichment•added 2025/06/27 11:52 a.m.•2 views

CVE-2023-25998 WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme samex allows PHP Local File Inclusion.This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme:...

8.1CVSS5.8AI score0.00547EPSS

Exploits0References1

CVE•added 2025/06/27 11:52 a.m.•15 views

CVE-2023-25998

CVE-2023-25998 describes an unauthenticated Local File Inclusion (LFI) in the WordPress theme “Samex - Clean, Minimal Shop WooCommerce” (and its variants) due to improper control of filenames used by include/require in PHP. Affected versions: n/a through 2.6. The issue enables PHP local file incl...

8.1CVSS5.3AI score0.00547EPSS

Exploits0References1

NVD•added 2025/06/27 9:15 a.m.•4 views

CVE-2024-12827

The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the...

9.8CVSS0.00583EPSS

Exploits0References2

Vulnrichment•added 2025/06/27 8:23 a.m.•4 views

CVE-2024-12827 DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset

9.8CVSS7.8AI score0.00583EPSS

Exploits0References2

Positive Technologies•added 2025/06/27 12:0 a.m.•1 views

PT-2025-27130 · WordPress · Davenport

Name of the Vulnerable Software and Affected Versions: Davenport - Versatile Blog and Magazine WordPress Theme versions 1.3 and earlier Description: The issue is a Path Traversal vulnerability that allows PHP Local File Inclusion. This vulnerability enables an attacker to access and include local...

8.1CVSS6.7AI score0.00257EPSS

Exploits0References3

CNNVD•added 2025/06/27 12:0 a.m.•2 views

WordPress plugin MBStore - Digital WooCommerce WordPress Theme Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS5.8AI score0.00547EPSS

Exploits0References1

Positive Technologies•added 2025/06/27 12:0 a.m.•2 views

PT-2025-27087 · Mbstore · Mbstore

Name of the Vulnerable Software and Affected Versions: MBStore - Digital WooCommerce WordPress Theme versions 2.3 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows...

8.1CVSS6.7AI score0.00547EPSS

Exploits0References3

Positive Technologies•added 2025/06/27 12:0 a.m.•6 views

PT-2025-27070 · WordPress · Dwt - Directory & Listing Wordpress Theme

Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.6 Description: The issue allows for privilege escalation via account takeover due to improper checking of an empty token value prior to resetting a user's passwo...

9.8CVSS7.5AI score0.00583EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by