2108 matches found
WordPress CWW Portfolio theme <= 1.3.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Dimas Maulana (Patchstack Alliance) in WordPress Theme CWW Portfolio versions <= 1.3.1...
WordPress Arrival Theme <= 1.4.5 is vulnerable to Local File Inclusion
Software: Arrival; Type: Theme; Vulnerable versions: <= 1.4.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-32921; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 8025063985d8; Credits: Dimas Maulana; Required privilege: Unauthenticated...
WordPress CWW Portfolio Theme <= 1.3.1 is vulnerable to Local File Inclusion
Software: CWW Portfolio; Type: Theme; Vulnerable versions: <= 1.3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39359; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: ee2d399fdc37; Credits: Dimas Maulana; Required privilege...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to PHP Object Injection
Software: Grand Restaurant WordPress; Type: Theme; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-39348; Patch priority: High; CVSS severity: High 9.8; Developer: EPC; PSID: c0bb2279949a; Credits: Ananda Dhakal Patchstack; Required privilege...
WordPress Grace Mag Theme <= 1.1.5 is vulnerable to Local File Inclusion
Software: Grace Mag; Type: Theme; Vulnerable versions: <= 1.1.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39360; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: 0975a9499751; Credits: Dimas Maulana; Required privilege: Unauthenticated...
WordPress Opstore Theme <= 1.4.5 is vulnerable to Local File Inclusion
Software: Opstore; Type: Theme; Vulnerable versions: <= 1.4.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39387; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: e65604397b41; Credits: Dimas Maulana; Required privilege: Unauthenticated...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Path Traversal
Software: Grand Restaurant WordPress; Type: Theme; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Path Traversal; CVE: CVE-2025-32926; Patch priority: High; CVSS severity: High 9.8; Developer: EPC; PSID: f6387809886f; Credits: Ananda Dhakal Patchstack; Required...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Arbitrary Content Deletion
Software: Grand Restaurant WordPress; Type: Theme; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Arbitrary Content Deletion; CVE: CVE-2025-39352; Patch priority: High; CVSS severity: High 8.2; Developer: EPC; PSID: e23a34ecdc50; Credits: Ananda Dhakal Patchstack...
CVE-2025-1093 AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which m...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Grand Restaurant WordPress; Type: Theme; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-39351; Patch priority: Low; CVSS severity: Low 4.3; Developer: EPC; PSID: 9bd944eaa16b; Credits: Ananda Dhakal Patchstack...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to Broken Access Control
Software: Grand Restaurant WordPress; Type: Theme; Vulnerable versions: <= 7.0; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-39353; Patch priority: Low; CVSS severity: Low 5.3; Developer: EPC; PSID: ef329deabf36; Credits: Ananda Dhakal Patchstack; Required...
CVE-2025-27283 WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in rockgod100 Theme File Duplicator (theme-file-duplicator) allows Path Traversal. This issue affects Theme File Duplicator: from n/a through <= 1.3...
CVE-2025-27282 WordPress Theme File Duplicator Plugin <= 1.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator (theme-file-duplicator) allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through <= 1.3...
CVE-2025-39438 WordPress Theme Changer plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer (theme-changer) allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through <= 1.4...
CVE-2025-39438 WordPress Theme Changer plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3...
WordPress Wanderland theme <= 1.7.1 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Bonds (Patchstack Alliance) in WordPress Theme Wanderland versions <= 1.7.1...
WordPress Ivy School Theme <= 1.6.0 is vulnerable to Local File Inclusion
Software: Ivy School; Type: Theme; Vulnerable versions: <= 1.6.0; Fixed in: 1.6.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39470; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: 2982cc652634; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Dør Theme <= 2.4 is vulnerable to Local File Inclusion
Software: Dør; Type: Theme; Vulnerable versions: <= 2.4; Fixed in: 2.4.1; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39466; Patch priority: High; CVSS severity: High 8.1; Developer: Claim ownership; PSID: dbf77e9752df; Credits: Bonds; Required privilege: Unauthenticated; Published: 17...
CVE-2025-30964 WordPress Photography theme < 7.7.6 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Photography (photography) allows Server Side Request Forgery. This issue affects Photography: from n/a through 7.7.6...