2135 matches found
CVE-2023-25998
CVE-2023-25998 describes an unauthenticated Local File Inclusion (LFI) in the WordPress theme “Samex - Clean, Minimal Shop WooCommerce” (and its variants) due to improper control of filenames used by include/require in PHP. Affected versions: n/a through 2.6. The issue enables PHP local file incl...
CVE-2024-12827
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the...
CVE-2024-12827 DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the...
WordPress Constructor Theme <= 1.6.5 is vulnerable to Broken Access Control
Software: Constructor; Type: Theme; Vulnerable versions: <= 1.6.5; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-53302; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 616342014c3c; Credits: Sulabh Jain; Required privilege...
WordPress plugin MBStore - Digital WooCommerce WordPress Theme Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-27070 · WordPress · Dwt - Directory & Listing Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.6 Description: The issue allows for privilege escalation via account takeover due to improper checking of an empty token value prior to resetting a user's passwo...
PT-2025-27130 · WordPress · Davenport
Name of the Vulnerable Software and Affected Versions: Davenport - Versatile Blog and Magazine WordPress Theme versions 1.3 and earlier Description: The issue is a Path Traversal vulnerability that allows PHP Local File Inclusion. This vulnerability enables an attacker to access and include local...
PT-2025-27087 · Mbstore · Mbstore
Name of the Vulnerable Software and Affected Versions: MBStore - Digital WooCommerce WordPress Theme versions 2.3 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows...
WordPress Red Art Theme <= 3.7 is vulnerable to PHP Object Injection
Software: Red Art; Type: Theme; Vulnerable versions: <= 3.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52828; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 443adc1cb34f; Credits: Frank; Required privilege: Subscriber; Published: 26 June...
WordPress Pressroom - News Magazine WordPress Theme Theme <= 6.9 is vulnerable to Cross Site Scripting (XSS)
Software: Pressroom - News Magazine WordPress Theme; Type: Theme; Vulnerable versions: <= 6.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-32311; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 8441b464fd57; Credits: Tran Nguyen...
WordPress DWT - Directory & Listing Theme <= 3.3.6 is vulnerable to Privilege Escalation
Software: DWT - Directory & Listing; Type: Theme; Vulnerable versions: <= 3.3.6; Fixed in: 3.3.7; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-12827; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: c0ebe5820838; Credit...
WordPress Elessi theme <= 6.3.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Elessi versions <= 6.3.9...
WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability
WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Samex - Clean, Minimal Shop WooCommerce WordPress Theme versions <= 2.6...
WordPress Blogbyte theme <= 1.1.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Blogbyte versions <= 1.1.1...
WordPress Blogprise Theme <= 1.0.9 is vulnerable to Local File Inclusion
Software: Blogprise; Type: Theme; Vulnerable versions: <= 1.0.9; Fixed in: 1.0.10; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49277; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 1df18a126279; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Blogmine Theme <= 1.1.7 is vulnerable to Local File Inclusion
Software: Blogmine; Type: Theme; Vulnerable versions: <= 1.1.7; Fixed in: 1.1.8; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49276; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 779447fb763e; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Blogbyte Theme <= 1.1.1 is vulnerable to Local File Inclusion
Software: Blogbyte; Type: Theme; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49275; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 149a2dc2444b; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Litho Theme <= 3.0 is vulnerable to Arbitrary File Deletion
Software: Litho; Type: Theme; Vulnerable versions: <= 3.0; Fixed in: 3.1; OWASP Top 10: A3: Injection; Classification: Arbitrary File Deletion; CVE: CVE-2025-49879; Patch priority: High; CVSS severity: High 8.6; Developer: Claim ownership; PSID: b5c6a3b3bdf8; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Blogty Theme <= 1.0.11 is vulnerable to Local File Inclusion
Software: Blogty; Type: Theme; Vulnerable versions: <= 1.0.11; Fixed in: 1.0.12; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49278; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 52a382e787f1; Credits: Le Ngoc Anh; Required privilege: Unauthenticated...
WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Sofass versions <= 1.3.4...