2108 matches found
CVE-2025-2289
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...
CVE-2025-0952
The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmastershideadminnotice' AJAX action in all versions up to, and including, 2.0.4. This mak...
CVE-2024-13376
The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxgettotalcontentimportitems function in all versions up to, and including, 1.7.8. This makes it possible for authenticated...
CVE-2025-1773
The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2025-1771
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
CVE-2025-1773
CVE-2025-1773 affects the WordPress Traveler theme (
CVE-2025-1773 Traveler <= 3.1.8 - Reflected Cross-Site Scripting
The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2025-1771
CVE-2025-1771 affects the Traveler WordPress Theme (
WordPress Traveler plugin <= 3.1.8 - Unauthenticated Local File Inclusion via hotel_alone_load_more_post vulnerability
Unauthenticated Local File Inclusion via hotel_alone_load_more_post vulnerability discovered by István Márton in WordPress Theme Traveler versions <= 3.1.8...
CVE-2024-13773
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including Linked...
CVE-2024-12810
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, wit...
CVE-2024-13773
CVE-2024-13773 affects the Civi - Job Board & Freelance Marketplace WordPress Theme (
CVE-2024-13772 Civi - Job Board & Freelance Marketplace WordPress Theme <= 2.1.6.1 - Authentication Bypass
The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.6.1. This is due to a lack of password randomization and user validation through the fbajaxloginorregister and googleajaxloginorregist...
CVE-2024-12810
CVE-2024-12810 applies to the JobCareer WordPress Theme (
WordPress Eco Nature - Environment & Ecology WordPress theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability
WordPress Eco Nature - Environment & Ecology WordPress theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability discovered by Lucio Sá in WordPress Theme Eco Nature versions <= 2.0.4...
CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...