CVE-2026-22465 WordPress BuddyApp theme <= 1.9.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen BuddyApp buddyapp allows Reflected XSS.This issue affects BuddyApp: from n/a through = 1.9.2...

CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...

CVE-2026-22454

CVE-2026-22454 describes a Deserialization of Untrusted Data vulnerability in ThemeREX Solaris WordPress theme, enabling PHP Object Injection. Affected software is Solaris versions n/a through 2.5. The CVE entry indicates a high-impact issue with a CVSS v3.1 base score of 9.8 (Network, Low comple...

CVE-2026-22453

CVE-2026-22453 is a deserialization-based PHP Object Injection vulnerability in the ThemeREX Pets Club WordPress theme (Pets Club) affecting versions up to 2.3. The issue arises from deserializing untrusted data, enabling object injection. The vulnerability is rated critical (CVSS 3.1 9.8) with n...

CVE-2026-22434

CVE-2026-22434 details a Local File Inclusion in Crown Art (AncoraThemes Crown Art) WordPress theme. Public sources confirm improper control of filename for include/require statements, leading to PHP Local File Inclusion on Crown Art versions n/a–

CVE-2026-22432 WordPress Woopy theme <= 1.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Woopy woopy allows PHP Local File Inclusion.This issue affects Woopy: from n/a through = 1.2...

CVE-2026-22427

CVE-2026-22427 describes a Local File Inclusion vulnerability in Mikado-Themes GoTravel WordPress theme (GoTravel) versions up to 2.1, caused by improper control of the filename in PHP include/require. Public records (NVD/Red Hat/CVE feeds) confirm the issue and rate it high (CVSS v3.1 base score...

CVE-2026-22415 WordPress The Mounty theme <= 1.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes The Mounty the-mounty allows PHP Local File Inclusion.This issue affects The Mounty: from n/a through = 1.1...

CVE-2025-69339 WordPress Molla theme <= 1.5.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through = 1.5.16...

CVE-2025-68554

CVE-2025-68554 affects the Keenarch WordPress theme (versions before 2.0.1). It is an Unrestricted Upload of File with Dangerous Type vulnerability, enabling arbitrary file uploads via Keenarch’s upload handling. Wordfence notes multiple WordPress vulnerability entries and lists Keenarch as patch...

PT-2026-23230

Name of the Vulnerable Software and Affected Versions AncoraThemes Consultor WordPress Theme versions through 1.2.4 Description The AncoraThemes Consultor WordPress Theme contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusio...

PT-2026-23324

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical WordPress Theme: from n/a...

PT-2026-23226

Name of the Vulnerable Software and Affected Versions axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme versions through 1.2.5 Description The axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme contains a flaw related to improper...

PT-2026-23234

Name of the Vulnerable Software and Affected Versions AncoraThemes Apollo | Night Club, DJ Event WordPress Theme versions through 1.3.1 Description The AncoraThemes Apollo | Night Club, DJ Event WordPress Theme contains a flaw related to improper control of filename for include/require statements...

PT-2026-23231

Name of the Vulnerable Software and Affected Versions AncoraThemes Chronicle - Lifestyle Magazine & Blog WordPress Theme versions prior to 1.1 Description The AncoraThemes Chronicle WordPress theme contains a flaw related to improper control of filenames used in include/require statements,...

PT-2026-23233

Name of the Vulnerable Software and Affected Versions AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme versions through 1.0.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion...

PT-2026-23224

Name of the Vulnerable Software and Affected Versions AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme versions through 1.1.2 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion...

WordPress Au Pair Agency - Babysitting & Nanny Theme theme <= 1.2.2 - Deserialization of untrusted data vulnerability

WordPress Au Pair Agency - Babysitting & Nanny Theme theme = 1.2.2 - Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Au Pair Agency - Babysitting & Nanny Theme versions = 1.2.2...

WordPress AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme theme <= 1.2.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme AC Services | HVAC, Air Conditioning & Heating Company WordPress Theme versions = 1.2.5...

WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cookiteer versions = 1.4.8...