WordPress Spare Theme <= 1.7 is vulnerable to PHP Object Injection
Software: Spare; Type: Theme; Vulnerable versions: <= 1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31919; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 56b785ef822a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity; Require...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software: Photography; Type: Theme; Vulnerable versions: <= 7.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-47579; Patch priority: High; CVSS severity: High 9; Developer: EPC; PSID: f3488f35689e; Credits: Rafie Muhammad Patchstack; Required privilege: Unauthenticated...
CVE-2025-31396
Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5...
CVE-2025-28945
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme valen allows PHP Local File Inclusion. This issue affects Valen - Sport, Fashion WooCommerce WordPress Theme: from n/a...
CVE-2023-25999 WordPress BodyCenter - Gym, Fitness WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme bodycenter allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme...
CVE-2025-28945 WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme valen allows PHP Local File Inclusion. This issue affects Valen - Sport, Fashion WooCommerce WordPress Theme: from n/a...
CVE-2025-31052 WordPress The Fashion - Model Agency One Page Beauty Theme plugin <= 1.4.4 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection. This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4...
CVE-2025-31052
CVE-2025-31052 describes a deserialization of untrusted data vulnerability in the WordPress theme The Fashion - Model Agency One Page Beauty Theme (
CVE-2025-31052 WordPress The Fashion - Model Agency One Page Beauty Theme <= 1.4.4 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme allows Object Injection. This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through 1.4.4...
CVE-2025-31396 WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5...
CVE-2025-31396
CVE-2025-31396: Deserialization of Untrusted Data leading to Object Injection in the FLAP - Business WordPress Theme. Affected: FLAP - Business WordPress Theme (versions from unspecified base up to 1.5). Root cause: untrusted data deserialization enabling object injection. Remediation details are...
CVE-2025-31429 WordPress PressGrid - Frontend Publish Reaction & Multimedia Theme <= 1.3.1 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through 1.3.1...
CVE-2025-32305 WordPress FlatNews theme <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sneeit FlatNews allows Reflected XSS. This issue affects FlatNews: from n/a through 5.8...
WordPress Fitrush theme <= 1.3.4 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Fitrush versions <= 1.3.4...
WordPress TinySalt Theme < 3.10.0 is vulnerable to Local File Inclusion
Software: TinySalt; Type: Theme; Vulnerable versions: < 3.10.0; Fixed in: 3.10.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49454; Patch priority: High; CVSS severity: High 8.1; Developer: LoftOcean; PSID: f11131feed0e; Credits: Bonds; Required privilege: Unauthenticated; Published: 9...
WordPress Petito Theme <= 1.6.2 is vulnerable to Local File Inclusion
Software: Petito; Type: Theme; Vulnerable versions: <= 1.6.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-27362; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 93ad82bdf854; Credits: Phat RiO - BlueRock; Required privilege: Unauthenticat...
WordPress GiftXtore Theme <= 1.7.4 is vulnerable to Local File Inclusion
Software: GiftXtore; Type: Theme; Vulnerable versions: <= 1.7.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-28888; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 1128d46c2de9; Credits: Phat RiO - BlueRock; Required privilege...
WordPress Grill and Chow Theme <= 1.6 is vulnerable to Local File Inclusion
Software: Grill and Chow; Type: Theme; Vulnerable versions: <= 1.6; Fixed in: 1.6.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-49297; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 10cea538663d; Credits: Bonds; Required privilege: Unauthenticated...
WordPress SNS Anton Theme <= 4.1 is vulnerable to Local File Inclusion
Software: SNS Anton; Type: Theme; Vulnerable versions: <= 4.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-28992; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 1a79e587467e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...