WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control

Software Constructor Type Theme Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-53302 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 616342014c3c Credits Sulabh Jain Required privilege...

WordPress Pressroom - News Magazine WordPress Theme Theme <= 6.9 is vulnerable to Cross Site Scripting (XSS)

Software Pressroom - News Magazine WordPress Theme Type Theme Vulnerable versions = 6.9 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-32311 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8441b464fd57 Credits Tran Nguyen...

WordPress Red Art Theme <= 3.7 is vulnerable to PHP Object Injection

Software Red Art Type Theme Vulnerable versions = 3.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52828 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 443adc1cb34f Credits Frank Required privilege Subscriber Published 26 June...

WordPress DWT - Directory & Listing Theme <= 3.3.6 is vulnerable to Privilege Escalation

Software DWT - Directory & Listing Type Theme Vulnerable versions = 3.3.6 Fixed in 3.3.7 OWASP Top 10 A7: Identification and Authentication Failures Classification Privilege Escalation CVE CVE-2024-12827 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c0ebe5820838 Credit...

WordPress Elessi theme <= 6.3.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Elessi versions = 6.3.9...

WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability

WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme = 2.6 - Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Samex - Clean, Minimal Shop WooCommerce WordPress Theme versions = 2.6...

WordPress Blogbyte theme <= 1.1.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Blogbyte versions = 1.1.1...

WordPress Blogbyte Theme <= 1.1.1 is vulnerable to Local File Inclusion

Software Blogbyte Type Theme Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49275 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 149a2dc2444b Credits Le Ngoc Anh Required privilege Unauthenticated...

WordPress Litho Theme <= 3.0 is vulnerable to Arbitrary File Deletion

Software Litho Type Theme Vulnerable versions = 3.0 Fixed in 3.1 OWASP Top 10 A3: Injection Classification Arbitrary File Deletion CVE CVE-2025-49879 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID b5c6a3b3bdf8 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

WordPress Blogmine Theme <= 1.1.7 is vulnerable to Local File Inclusion

Software Blogmine Type Theme Vulnerable versions = 1.1.7 Fixed in 1.1.8 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49276 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 779447fb763e Credits Le Ngoc Anh Required privilege Unauthenticated...

WordPress Blogty Theme <= 1.0.11 is vulnerable to Local File Inclusion

Software Blogty Type Theme Vulnerable versions = 1.0.11 Fixed in 1.0.12 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49278 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 52a382e787f1 Credits Le Ngoc Anh Required privilege Unauthenticated...

WordPress Blogprise Theme <= 1.0.9 is vulnerable to Local File Inclusion

Software Blogprise Type Theme Vulnerable versions = 1.0.9 Fixed in 1.0.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49277 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 1df18a126279 Credits Le Ngoc Anh Required privilege Unauthenticated...

WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Sofass versions = 1.3.4...

WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Zita versions = 1.6.5...

WordPress Seven Stars Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Seven Stars Type Theme Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-31067 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9c2cf87e3798 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

WordPress MBStore - Digital WooCommerce WordPress Theme Theme <= 2.3 is vulnerable to Local File Inclusion

Software MBStore - Digital WooCommerce WordPress Theme Type Theme Vulnerable versions = 2.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-28947 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID a5b961e153f3 Credits Tran Nguyen Bao...

WordPress Zita Theme <= 1.6.5 is vulnerable to Local File Inclusion

Software Zita Type Theme Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-52816 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 948a42c80224 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Requir...

WordPress Sofass Theme <= 1.3.4 is vulnerable to Local File Inclusion

Software Sofass Type Theme Vulnerable versions = 1.3.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-24760 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 97dd93e076df Credits Phat RiO - BlueRock Required privilege Unauthenticat...

WordPress Zenny Theme <= 1.7.5 is vulnerable to Local File Inclusion

Software Zenny Type Theme Vulnerable versions = 1.7.5 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-24769 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 2ee43f510f3c Credits Phat RiO - BlueRock Required privilege Unauthenticate...

WordPress Puca Theme <= 2.6.33 is vulnerable to Local File Inclusion

Software Puca Type Theme Vulnerable versions = 2.6.33 Fixed in 2.6.34 OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-30992 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 5c9cf9e5fa07 Credits Phat RiO - BlueRock Required privilege...