CVE-2026-22365 WordPress Soleng theme <= 1.0.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through = 1.0.5...

CVE-2026-22365 WordPress Soleng theme <= 1.0.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Soleng soleng allows PHP Local File Inclusion.This issue affects Soleng: from n/a through = 1.0.5...

CVE-2026-22364 WordPress SevenTrees theme <=1.0.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through =1.0.2...

CVE-2025-69405 WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection.This issue affects Lorem Ipsum | Books & Media Store: from n/a through = 1.2.11...

CVE-2025-69409 WordPress PJ | Life & Business Coaching theme <= 3.0.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ | Life & Business Coaching: from n/a through = 3.0.0...

CVE-2025-69409

CVE-2025-69409 is a Local File Inclusion vulnerability in the WordPress theme “PJ | Life & Business Coaching” up to version 3.0.0, caused by improper control of filenames in PHP include/require statements. The issue allows local file inclusion and is described with a High risk (CVSS 3.1: AV:N/AC:...

CVE-2025-69406 WordPress FreightCo theme <= 1.1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects FreightCo: from n/a through = 1.1.7...

CVE-2025-69408

CVE-2025-69408 is a documented Local File Inclusion (LFI) vulnerability in the WordPress plugin/theme stack: HealthFirst by Mikado-Themes, version

CVE-2025-69402

CVE-2025-69402 : Local File Inclusion in the WordPress Theme R&F rf (ThemeREX) via Improper Control of Filename for Include/Require. Affected: ThemeREX R&F rf versions up to and including 1.5. Exploitation context not provided in the sources. Remediation per the connected docs: update ThemeREX R&...

CVE-2025-69404 WordPress Extreme Store theme <= 1.5.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through = 1.5.10...

CVE-2025-69396

CVE-2025-69396 concerns WordPress ThemeREX Splendour (Splendour) versions through 1.23, with an Unauthenticated Local File Inclusion due to improper control of filenames for include/require in PHP (often described as a PHP Remote File Inclusion issue). The connected sources confirm the affected p...

CVE-2025-69385 WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in AgniHD Cartify - WooCommerce Gutenberg WordPress Theme cartify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cartify - WooCommerce Gutenberg WordPress Theme: from n/a through = 1.3...

CVE-2025-69371

CVE-2025-69371 is a PHP Object Injection vulnerability in the WordPress KindlyCare theme (

CVE-2025-69368 WordPress SOHO - Photography WordPress Theme theme <= 3.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes SOHO - Photography WordPress Theme soho allows DOM-Based XSS.This issue affects SOHO - Photography WordPress Theme: from n/a through = 3.0.3...

CVE-2025-69367 WordPress Oyster - Photography WordPress Theme theme <= 4.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through = 4.4.3...

CVE-2025-69296 WordPress Aardvark theme <= 4.6.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through = 4.6.3...

CVE-2025-68541 WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through = 1.2.0...

CVE-2025-68549 WordPress Wiguard theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through 2.0.1...

CVE-2025-68543 WordPress Diza theme <= 1.3.15 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through = 1.3.15...

CVE-2025-67992

CVE-2025-67992 is a Local File Inclusion vulnerability in the PatioTime WordPress theme from LoftOcean, affecting versions before 2.1. The issue is described as improper control of the filename used by include/require statements in PHP, enabling LFI. Connected documents confirm the affected produ...