2100 matches found
CVE-2026-27340
CVE-2026-27340 refers to an Local File Inclusion (LFI) vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme affecting versions through 1.3.1. The issue stems from improper control of filenames in PHP include/require statements, enabling inclusion of local files. Public sour...
CVE-2026-27341
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through = 1.2...
CVE-2026-27335 WordPress Ekoterra - NonProfit, Green Energy & Ecology Theme theme <= 1.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Ekoterra - NonProfit, Green Energy & Ecology Theme ekoterra allows PHP Local File Inclusion.This issue affects Ekoterra - NonProfit, Green Energy & Ecology Theme: fr...
CVE-2026-27336
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Consultor | Consulting, Accounting & Legal Counsel WordPress Theme consultor allows PHP Local File Inclusion.This issue affects Consultor | Consulting, Accounting &...
CVE-2026-27337
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme chronicle allows PHP Local File Inclusion.This issue affects Chronicle - Lifestyle Magazine & Blog WordPress...
CVE-2026-27326 WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...
CVE-2026-27098 WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through = 1.2.2...
CVE-2026-27334
CVE-2026-27334: Local File Inclusion in WordPress Alchemists theme (
CVE-2026-27326
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...
CVE-2026-27098 WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through = 1.2.2...
CVE-2026-27098
CVE-2026-27098 affects the WordPress theme Au Pair Agency - Babysitting & Nanny Theme (
CVE-2026-27326 WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme window-ac-services allows PHP Local File Inclusion.This issue affects AC Services | HVAC, Air...
CVE-2026-27334 WordPress Alchemists theme <= 4.6.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in danfisher Alchemists alchemists allows PHP Local File Inclusion.This issue affects Alchemists: from n/a through = 4.6.0...
CVE-2026-27326
CVE-2026-27326 affects the AC Services | HVAC WordPress theme (window-ac-services), with Improper Handling of Include/Require in PHP leading to Local File Inclusion. Public reports (Wordfence) indicate the issue exists for theme versions up to 1.2.5 and is currently Unpatched. Affected component ...
CVE-2026-27097 WordPress CasaMia | Property Rental Real Estate WordPress Theme theme <= 1.1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...
CVE-2026-27097
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Them...
CVE-2026-23801 WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through = 1.6.11...
CVE-2026-23801
CVE-2026-23801 affects The Issue WordPress theme (<= 1.6.11): Local File Inclusion via improper control of filenames in Include/Require (PHP Remote File Inclusion). CVSS v3.1 base score 8.1 (HIGH, network, no user interaction). Red Hat/NVD/patchstack entries confirm the issue and note the fix;...
CVE-2026-23801 WordPress The Issue theme <= 1.6.11 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affects The Issue: from n/a through = 1.6.11...
CVE-2026-22497
CVE-2026-22497 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Jardi (AncoraThemes) up to version 1.7.2. The connected documents confirm the issue is a PHP Object Injection flaw triggered by untrusted data deserialization, affecting Jardi versions