2108 matches found
CVE-2025-32926
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal. This issue affects Grand Restaurant: from n/a through <= 7.0...
CVE-2025-47576
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5...
WordPress Vizeon - Business Consulting theme <= 1.1.7 - Local File Inclusion Vulnerability
WordPress Vizeon - Business Consulting theme <= 1.1.7 - Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vizeon - Business Consulting versions <= 1.1.7...
WordPress Finance Consultant theme <= 2.8 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Finance Consultant versions <= 2.8...
CVE-2025-4524
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
CVE-2025-4524
The CVE-2025-4524 entry concerns the Madara – Responsive and modern WordPress theme for manga sites. A Local File Inclusion exists in all versions up to 2.2.2 via the template parameter, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server, potentially bypas...
CVE-2025-4524 Madara – Responsive and modern WordPress theme for manga sites <= 2.2.2 - Unauthenticated Local File Inclusion
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
WordPress Fish House Theme <= 1.2.7 is vulnerable to PHP Object Injection
Software: Fish House; Type: Theme; Vulnerable versions: <= 1.2.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31631; Patch priority: High; CVSS severity: High 9.8; PSID: db73d8c2822e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
PT-2025-22325
Name of the Vulnerable Software and Affected Versions: Madara – Responsive and modern WordPress theme for manga sites versions 2.2.2 and earlier. Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the template parameter, making it possibl...
WordPress Samantha Theme <= 1.1.0 is vulnerable to Local File Inclusion
Software: Samantha; Type: Theme; Vulnerable versions: <= 1.1.0; Fixed in: 1.2.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High 8.1; PSID: 854b402907c3; Credits: Bonds; Required privilege: Unauthenticated; Publish...
WordPress Luique Theme <= 1.3.0 is vulnerable to Local File Inclusion
Software: Luique; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: 1.3.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High 8.1; PSID: 5a9a2f9ed771; Credits: Bonds; Required privilege: Unauthenticated; Published...
WordPress Insurance Theme <= 3.5 is vulnerable to PHP Object Injection
Software: Insurance; Type: Theme; Vulnerable versions: <= 3.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31634; Patch priority: High; CVSS severity: High 8.8; PSID: 1abaf10ffee4; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Ruizarch Theme <= 1.1.0 is vulnerable to Local File Inclusion
Software: Ruizarch; Type: Theme; Vulnerable versions: <= 1.1.0; Fixed in: 1.2.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High 8.1; PSID: a39d5d2adb6a; Credits: Bonds; Required privilege: Unauthenticated; Publish...
WordPress Vizeon - Business Consulting Theme <= 1.1.7 is vulnerable to Local File Inclusion
Software: Vizeon - Business Consulting; Type: Theme; Vulnerable versions: <= 1.1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-31064; Patch priority: High; CVSS severity: High 8.1; PSID: 2f12b007c549; Credits: Tran Nguyen Bao Khanh VCI - VN...
WordPress Kinsley Theme <= 3.4.4 is vulnerable to Local File Inclusion
Software: Kinsley; Type: Theme; Vulnerable versions: <= 3.4.4; Fixed in: 3.4.5; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High 8.1; PSID: f998fc448b70; Credits: Bonds; Required privilege: Unauthenticated; Publishe...
WordPress Pet World Theme <= 2.8 is vulnerable to PHP Object Injection
Software: Pet World; Type: Theme; Vulnerable versions: <= 2.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-32284; Patch priority: High; CVSS severity: High 8.8; PSID: e46bfa7f1a9a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Butcher Theme <= 2.40 is vulnerable to Local File Inclusion
Software: Butcher; Type: Theme; Vulnerable versions: <= 2.40; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-32286; Patch priority: High; CVSS severity: High 8.1; PSID: 1f6df6b29428; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Kiamo - Responsive Business Service WordPress Theme Theme <= 1.3.3 is vulnerable to Local File Inclusion
Software: Kiamo - Responsive Business Service WordPress Theme; Type: Theme; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-31633; Patch priority: High; CVSS severity: High 8.1; PSID: 949d41e89bbc; Credits: Tran...
WordPress Finance Consultant Theme <= 2.8 is vulnerable to PHP Object Injection
Software: Finance Consultant; Type: Theme; Vulnerable versions: <= 2.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-32293; Patch priority: High; CVSS severity: High 8.8; PSID: f21e6a47c3bc; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...