2100 matches found
WordPress Askka theme <= 1.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Askka versions = 1.0...
WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme TheBi versions = 1.0.5...
WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lendiz versions 2.0.1...
Exploit for CVE-2025-39459
π Nuclei Template for CVE-2025-39459 π Overview This repo...
CVE-2026-2583 Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the blocksymeta metadata fields in all versions up to, and including, 2.1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
WordPress VW Portfolio theme <= 1.3.3 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Theme VW Portfolio versions = 1.3.3...
WordPress The Qlean theme <= 2.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme The Qlean versions = 2.12...
WordPress Luxury Wine theme <= 1.1.14 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Luxury Wine versions = 1.1.14...
WordPress Global Logistics theme <= 3.20 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Global Logistics versions = 3.20...
WordPress Nuts theme <= 1.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Nuts versions = 1.10...
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
WordPress M.Williamson theme <= 1.2.11 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme M.Williamson versions = 1.2.11...
WordPress S.King theme <= 1.5.3 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme S.King versions = 1.5.3...
WordPress Happy Baby theme <= 1.2.12 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Happy Baby versions = 1.2.12...
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
CVE-2025-14040 Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
CVE-2025-14040
CVE-2025-14040 : The Automotive Car Dealership WordPress Theme (WordPress theme) is vulnerable to a stored XSS via the action_text, action_button_text, action_link, and action_class fields in the Call to Action across all versions up to 13.4. Exploitation requires contributor-level authentication...
CVE-2025-14040 Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
Exploit for CVE-2025-39459
CVE-2025-39459 Real Estate 7 = 3.5.2 - Unauthenticated Pri...