2100 matches found

Positive Technologies
added 2026/02/19 12:0 a.m., 4 views

PT-2026-20616

The Mega Store Woocommerce theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the setup widgets function in core/includes/importer/whizzie.php in all versions up to, and including, 5.9. This makes it possible for authenticated attackers, wi...

CVSS 5.3 | AI score 5.6 | EPSS 0.0004
Exploits: 0 | References: 3

Patchstack
added 2026/02/18 6:19 a.m., 3 views

WordPress Spa and Salon theme <= 1.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Spa and Salon versions <= 1.3.2...

CVSS 5.3 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | Affected Software: 1

NVD
added 2026/02/18 5:16 a.m., 5 views

CVE-2025-12074

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...

CVSS 5.3 | EPSS 0.00021
Exploits: 0 | References: 5

Vulnrichment
added 2026/02/18 4:35 a.m., 3 views

CVE-2025-12074 Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure

The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'contextblogmodalpopup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwor...

CVSS 5.3 | AI score 5.6 | EPSS 0.00021
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/18 12:0 a.m., 4 views

PT-2026-20219

Name of the Vulnerable Software and Affected Versions: Context Blog theme for WordPress versions through 1.2.5. Description: The Context Blog theme for WordPress is susceptible to information disclosure in versions up to and including 1.2.5. This is due to inadequate restrictions on post inclusion...

CVSS 5.3 | AI score 5.4 | EPSS 0.00021
Exploits: 0 | References: 7

CVE
added 2026/02/12 1:23 a.m., 12 views

CVE-2026-1729

CVE-2026-1729 concerns the AdForest WordPress theme. It describes an authentication bypass in the function sb_login_user_with_otp_fun, allowing unauthenticated attackers to log in as arbitrary users (including administrators) in all versions up to and including 6.0.12. The underlying cause is imp...

CVSS 9.8 | AI score 5.7 | EPSS 0.00129
Exploits: 1 | References: 2

ATTACKERKB
added 2026/02/12 1:23 a.m., 5 views

CVE-2026-1729

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for...

CVSS 9.8 | AI score 5.7 | EPSS 0.00129
Exploits: 1 | References: 3

Patchstack
added 2026/02/11 10:48 a.m., 3 views

WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lorem Ipsum | Books & Media Store versions <= 1.2.6...

CVSS 9.8 | AI score 5.6 | EPSS 0.00061
Exploits: 0 | Affected Software: 1

GithubExploit
added 2026/02/11 8:39 a.m., 214 views

Exploit for CVE-2025-5394

CVE-2025-5394 Alone – Charity Mu...

CVSS 9.8 | AI score 5.5 | EPSS 0.21837
Exploits: 3

Patchstack
added 2026/02/09 11:45 a.m., 3 views

WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Travelicious versions < 1.6.7...

CVSS 9.8 | AI score 5.6 | EPSS 0.00061
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/02/08 4:48 a.m., 3 views

WordPress Coachify theme <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Theme Coachify versions <= 1.1.5...

CVSS 5.4 | AI score 5.5 | EPSS 0.0002
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/02/03 10:10 a.m., 5 views

WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions <= 5.7.1...

CVSS 7.1 | AI score 5.3 | EPSS 0.00045
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/02/03 9:57 a.m., 3 views

WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Conference versions <= 5.3.4...

CVSS 7.1 | AI score 5.3 | EPSS 0.00045
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2026/01/23 9:17 p.m., 4 views

CVE-2025-69004

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion. This issue affects Bajaar - Highly Customizable WooCommerce WordPress...

CVSS 8.1 | AI score 5.5 | EPSS 0.00222
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/23 9:15 p.m., 3 views

CVE-2026-22382

Cross-Site Request Forgery CSRF vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through = 1.3...

CVSS 5.4 | AI score 5.4 | EPSS 0.00029
Exploits: 0 | References: 1

Cvelist
added 2026/01/23 2:29 p.m., 27 views

CVE-2026-24612 WordPress Orchid Store theme <= 1.5.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Orchid Store: from n/a through <= 1.5.15...

CVSS 5.3 | EPSS 0.00051
Exploits: 0 | References: 1

NVD
added 2026/01/22 5:16 p.m., 3 views

CVE-2026-22382

Cross-Site Request Forgery CSRF vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery. This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through = 1.3...

CVSS 5.4 | EPSS 0.00029
Exploits: 0 | References: 1

NVD
added 2026/01/22 5:16 p.m., 5 views

CVE-2025-69004

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion. This issue affects Bajaar - Highly Customizable WooCommerce WordPress...

CVSS 8.1 | EPSS 0.00222
Exploits: 0 | References: 1

CVE
added 2026/01/22 4:52 p.m., 6 views

CVE-2026-22458

CVE-2026-22458 corresponds to a Missing Authorization vulnerability in Mikado-Themes Wanderland Wanderland WordPress theme. Public documents consistently describe it as an “Incorrectly Configured Access Control Security Levels” issue affecting Wanderland versions from n/a up to and including 1.5....

CVSS 4.3 | AI score 5.4 | EPSS 0.00014
Exploits: 0 | References: 1

CVE
added 2026/01/22 4:52 p.m., 5 views

CVE-2026-22450

CVE-2026-22450 is documented as a Missing Authorization / broken access control vulnerability in the WordPress theme Don Peppe (Select-Themes) Don Peppe, affected up to version 1.3. Public records from NVD, Red Hat, CIRCL, EUVD/ENISA, and CVE lists confirm the vulnerability description and affect...

CVSS 4.3 | AI score 5.4 | EPSS 0.00048
Exploits: 0 | References: 1