2108 matches found
CVE-2025-0952
The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This mak...
CVE-2024-13376
The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxgettotalcontentimportitems function in all versions up to, and including, 1.7.8. This makes it possible for authenticated...
CVE-2024-13376 Industrial <= 1.7.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajaxgettotalcontentimportitems function in all versions up to, and including, 1.7.8. This makes it possible for authenticated...
CVE-2025-0952
CVE-2025-0952 affects the Eco Nature - Environment & Ecology WordPress Theme. A missing capability check on the cmsmasters_hide_admin_notice AJAX action in all versions up to 2.0.4 allows authenticated users with Subscriber+ access to modify options (e.g., setting hide) and potentially cause a de...
CVE-2025-0952 Eco Nature - Environment & Ecology WordPress Theme <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This mak...
CVE-2025-2289 Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates
The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to impor...
CVE-2025-1285
The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to...
CVE-2025-1285
CVE-2025-1285 affects the Resido – Real Estate WordPress Theme. The vulnerability arises from a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to and including 3.6, enabling unauthenticated attackers to issue requests to internal services and updat...
WordPress Civi theme <= 2.1.4 - Sensitive Information Exposure vulnerability
Sensitive Information Exposure vulnerability discovered by Lucio Sá in WordPress Theme Civi versions <= 2.1.4...
WordPress Top Store Theme 1.5.4 Privilege Escalation Exploit
import requests import argparse import re import json By Nxploit | Khaled Alenazi def disablesslverification: requests.packages.urllib3.disablewarnings session.verify = False Ignore SSL verification def loginurl, username, password: loginurl = f"url/wp-login.php" logindata = "log": username, "pwd...
Exploit for CVE-2024-10674
CVE-2024-10674 Exploit - Th Shop Mania --username --password...
Exploit for CVE-2024-10673
🔥 Overview This script exploits CVE-2024-10673, a critica...
CVE-2024-12876
The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible fo...
CVE-2024-13655
The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...
CVE-2025-0749
The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verificationid' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers t...
CVE-2024-13787
The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'vedabackupandrestoreaction' function. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2024-8682
The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validating if the user can register option is enabled prior to creating a user through the...