2108 matches found
CVE-2025-47576
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5...
CVE-2025-39353
CVE-2025-39353 affects Grand Restaurant WordPress Theme, versions ≤ 7.0. The issue is described as a Missing Authorization/Broken Access Control vulnerability, enabling exploitation due to incorrectly configured access controls. Public sources in the provided documents indicate this is a low-seve...
CVE-2025-39353 WordPress Grand Restaurant WordPress theme <= 7.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant: from n/a through <= 7.0...
CVE-2025-39351 WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Cross Site Request Forgery. This issue affects Grand Restaurant: from n/a through <= 7.0...
CVE-2025-39351 WordPress Grand Restaurant WordPress theme <= 7.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant WordPress allows Cross Site Request Forgery. This issue affects Grand Restaurant WordPress: from n/a through 7.0...
CVE-2025-39351
CVE-2025-39351: Cross-Site Request Forgery in Grand Restaurant WordPress theme (versions <= 7.0). Affects WordPress Grand Restaurant theme; CSRF vulnerability reported with unauthenticated access and potential for unauthorized actions as described in Patchstack/Red Hat/NVD entries. The Patchst...
CVE-2025-47576 WordPress Bimber - Viral Magazine WordPress Theme theme <= 9.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n/a through 9.2.5...
CVE-2025-22790 WordPress moseter theme <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asmedia allows Reflected XSS. This issue affects moseter: from n/a through 1.3.1...
CVE-2025-22789 WordPress polka dots theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks polka dots allows Reflected XSS. This issue affects polka dots: from n/a through 1.2...
CVE-2025-22678 WordPress my white theme <= 2.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mythemes my white allows Reflected XSS. This issue affects my white: from n/a through 2.0.8...
PT-2025-22035 · WordPress · Bimber
Name of the Vulnerable Software and Affected Versions: Bimber - Viral Magazine WordPress Theme versions n/a through 9.2.5
Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion'. This allows for...
WordPress CouponXL Theme <= 4.5.0 is vulnerable to Privilege Escalation
Software: CouponXL; Type: Theme; Vulnerable versions: <= 4.5.0; Fixed in: N/A; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2025-39489; Patch priority: High; CVSS severity: High 9.8; PSID: ba176572a1dc; Credits: Bonds Required...
WordPress The Business Theme <= 1.6.1 is vulnerable to PHP Object Injection
Software: The Business; Type: Theme; Vulnerable versions: <= 1.6.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31430; Patch priority: High; CVSS severity: High 9.8; PSID: 6b1df0573f1a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress HotStar – Multi-Purpose Business Theme Theme <= 1.4 is vulnerable to PHP Object Injection
Software: HotStar – Multi-Purpose Business Theme; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31069; Patch priority: High; CVSS severity: High 9.8; PSID: 5302a6861163; Credits: Tran Nguyen Bao Khanh...
CVE-2025-31071 WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4...
WordPress HotStar – Multi-Purpose Business Theme Theme <= 1.4 is vulnerable to Broken Access Control
Software: HotStar – Multi-Purpose Business Theme; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Broken Access Control; CVE: CVE-2025-31071; Patch priority: Low; CVSS severity: Low 5.3; PSID: bb3eaed13631; Credits: Tran...
WordPress Spare Theme <= 1.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Spare; Type: Theme; Vulnerable versions: <= 1.7; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-31639; Patch priority: Low; CVSS severity: Low 4.3; PSID: 8be491392588; Credits: Tran Nguyen Bao Khanh VCI - VN...
WordPress Plant - Gardening & Houseplants WordPress Theme Theme <= 1.0.0 is vulnerable to Sensitive Data Exposure
Software: Plant - Gardening & Houseplants WordPress Theme; Type: Theme; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2025-31051; Patch priority: Low; CVSS severity: Low 5.3; PSID: ca2fd8b84100; Credit...