2108 matches found
WordPress Mr. Murphy Theme < 1.2.12.1 is vulnerable to PHP Object Injection
Software: Mr. Murphy; Type: Theme; Vulnerable versions: < 1.2.12.1; Fixed in: 1.2.12.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49072; Patch priority: High; CVSS severity: High (9.8); PSID: 743adbe763dd; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Solar Energy Theme <= 3.5 is vulnerable to PHP Object Injection
Software: Solar Energy; Type: Theme; Vulnerable versions: <= 3.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-32283; Patch priority: High; CVSS severity: High (8.8); PSID: 835d026bbefc; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress The Fashion - Model Agency One Page Beauty Theme plugin <= 1.4.4 - Deserialization of untrusted data Vulnerability
WordPress The Fashion - Model Agency One Page Beauty Theme plugin <= 1.4.4 - Deserialization of untrusted data Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Fashion - Model Agency One Page Beauty Theme versions <= 1.4.4...
WordPress The Fashion - Model Agency One Page Beauty Theme Theme <= 1.4.4 is vulnerable to Deserialization of untrusted data
Software: The Fashion - Model Agency One Page Beauty Theme; Type: Theme; Vulnerable versions: <= 1.4.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Deserialization of untrusted data; CVE: CVE-2025-31052; Patch priority: High; CVSS severity: High (9.8); PSID: 400ca29478f9; Credi...
WordPress Course Builder Theme < 3.6.6 is vulnerable to PHP Object Injection
Software: Course Builder; Type: Theme; Vulnerable versions: < 3.6.6; Fixed in: 3.6.6; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-48336; Patch priority: High; CVSS severity: High (9.8); PSID: 330f3e0387ca; Credits: Annn; Required privilege: Unauthenticated...
WordPress XStore Theme - SQL Injection
SQL Injection vulnerability in the WordPress XStore Theme (CVE-2024-33559). This flaw allows remote unauthenticated attackers to execute arbitrary SQL queries via the 's' query parameter in a POST request. id: CVE-2024-33559 info: name: WordPress XStore Theme - SQL Injection author: Haliteroglu...
CVE-2025-31633
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a throu...
CVE-2025-31912
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Enzio - Responsive Business WordPress Theme enzio allows PHP Local File Inclusion. This issue affects Enzio - Responsive Business WordPress Theme: from n/a through 1.2.6...
CVE-2025-31069 WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4...
CVE-2025-31912 WordPress Enzio - Responsive Business WordPress Theme theme < 1.2.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Enzio - Responsive Business WordPress Theme enzio allows PHP Local File Inclusion. This issue affects Enzio - Responsive Business WordPress Theme: from n/a through 1.2.6...
CVE-2025-31633 WordPress Kiamo - Responsive Business Service WordPress Theme <= 1.3.3 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n/a throu...
CVE-2025-31912 WordPress Enzio - Responsive Business WordPress Theme <= 1.1.8 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in gavias Enzio - Responsive Business WordPress Theme allows PHP Local File Inclusion. This issue affects Enzio - Responsive Business WordPress Theme: from n/a through 1.1.8...
CVE-2025-39494 WordPress Wilmër theme < 3.4.2 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Wilmër wilmer allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through 3.4.2...
CVE-2025-39495 WordPress Avantage Theme <= 2.4.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6...
CVE-2025-0515
The Buzz Club – Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmastershideadminnotice' function in all versions up to, and including,...
CVE-2025-0170
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sortby' and 'token' parameters. This makes it possible for unauthenticated attackers to inject...
CVE-2024-52478
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Jobify jobify allows Stored XSS. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-6987
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...