2108 matches found
WordPress BodyCenter - Gym, Fitness WooCommerce WordPress Theme Theme <= 2.4 is vulnerable to Local File Inclusion
Software: BodyCenter - Gym, Fitness WooCommerce WordPress Theme | Type: Theme | Vulnerable versions: <= 2.4 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2023-25999 | Patch priority: High | CVSS severity: High 8.1 | PSID: 7c5537e9d6c0 | Credits: Tran...
WordPress Nitan Theme <= 2.9 is vulnerable to Local File Inclusion
Software: Nitan | Type: Theme | Vulnerable versions: <= 2.9 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2025-24768 | Patch priority: High | CVSS severity: High 8.1 | PSID: ec6d95e09a1c | Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity | Require...
WordPress RealHomes Theme <= 4.4.0 is vulnerable to Privilege Escalation
Software: RealHomes | Type: Theme | Vulnerable versions: <= 4.4.0 | Fixed in: 4.4.1 | OWASP Top 10: A7: Identification and Authentication Failures | Classification: Privilege Escalation | CVE: CVE-2025-4601 | Patch priority: High | CVSS severity: High 8.8 | PSID: 08bda80a3ca8 | Credits: Thái An | Require...
WordPress MediClinic Theme <= 2.1 is vulnerable to Local File Inclusion
Software: MediClinic | Type: Theme | Vulnerable versions: <= 2.1 | Fixed in: 2.2 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2025-49295 | Patch priority: High | CVSS severity: High 8.1 | PSID: 856af99d1029 | Credits: Bonds | Required privilege: Unauthenticated | Published...
WordPress TinySalt Theme < 3.10.0 is vulnerable to PHP Object Injection
Software: TinySalt | Type: Theme | Vulnerable versions: < 3.10.0 | Fixed in: 3.10.0 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2025-49455 | Patch priority: High | CVSS severity: High 9.8 | Developer: LoftOcean | PSID: 832baca8d9fd | Credits: Bonds | Required privilege: Unauthenticated | Published: 9...
PT-2025-24482 · WordPress · Flap - Business Wordpress Theme
Name of the Vulnerable Software and Affected Versions: FLAP - Business WordPress Theme versions 1.5 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can potentially be exploited, although specific details about the estimated...
CVE-2025-47584 WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2...
CVE-2025-4797
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it...
WordPress Car Repair Services theme <= 5.0 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Bonds in WordPress Theme Car Repair Services versions <= 5.0...
WordPress Car Repair Services Theme <= 5.0 is vulnerable to Server Side Request Forgery (SSRF)
Software: Car Repair Services | Type: Theme | Vulnerable versions: <= 5.0 | Fixed in: N/A | OWASP Top 10: A4: Insecure Design | Classification: Server Side Request Forgery (SSRF) | CVE: CVE-2025-30997 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: ac927e58431a | Credits: Bonds | Required privilege...
WordPress Soho Hotel Theme <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)
Software: Soho Hotel | Type: Theme | Vulnerable versions: <= 4.2.5 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2025-39539 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: f1eee5277067 | Credits: Bonds | Required privilege: Unauthenticated...
CVE-2025-4797 Golo <= 1.7.0 - Authentication Bypass to Account Takeover
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it...
PT-2025-23567 · WordPress · The Golo - City Travel Guide Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The Golo - City Travel Guide WordPress Theme version 1.7.0 and earlier Description: The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to setting an authorizatio...
WordPress PIMP - Creative MultiPurpose Theme <= 1.7 is vulnerable to Deserialization of untrusted data
Software: PIMP - Creative MultiPurpose | Type: Theme | Vulnerable versions: <= 1.7 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Deserialization of untrusted data | CVE: CVE-2025-31398 | Patch priority: High | CVSS severity: High 9.8 | PSID: edcf31b181b0 | Credits: Tran Nguyen Bao Kha...
WordPress FlatNews Theme <= 5.8 is vulnerable to Cross Site Scripting (XSS)
Software: FlatNews | Type: Theme | Vulnerable versions: <= 5.8 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2025-32305 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: ff5e3bb37606 | Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress FLAP - Business WordPress Theme Theme <= 1.5 is vulnerable to PHP Object Injection
Software: FLAP - Business WordPress Theme | Type: Theme | Vulnerable versions: <= 1.5 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2025-31396 | Patch priority: High | CVSS severity: High 9.8 | PSID: 7616fcd52be9 | Credits: Tran Nguyen Bao Khanh VCI -...
WordPress Lesya Theme <= 1.7.2 is vulnerable to Local File Inclusion
Software: Lesya | Type: Theme | Vulnerable versions: <= 1.7.2 | Fixed in: 1.7.3 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2025-48290 | Patch priority: High | CVSS severity: High 8.1 | PSID: b9712c5f2cb9 | Credits: Bonds | Required privilege: Unauthenticated | Published ...
WordPress Lettery Theme <= 1.1.7 is vulnerable to Local File Inclusion
Software: Lettery | Type: Theme | Vulnerable versions: <= 1.1.7 | Fixed in: 1.1.8 | OWASP Top 10: A3: Injection | Classification: Local File Inclusion | CVE: CVE-2025-48290 | Patch priority: High | CVSS severity: High 8.1 | PSID: 853c7f0a8977 | Credits: Bonds | Required privilege: Unauthenticated | Publishe...
WordPress Sweet Dessert Theme < 1.1.13 is vulnerable to PHP Object Injection
Software: Sweet Dessert | Type: Theme | Vulnerable versions: < 1.1.13 | Fixed in: 1.1.13 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2025-49073 | Patch priority: High | CVSS severity: High 9.8 | PSID: 3fb9eef0dd59 | Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...