2100 matches found
CVE-2025-62056 WordPress News Event theme <= 1.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event. This issue affects News Event: from n/a through <= 1.0.1...
CVE-2025-50006
CVE-2025-50006 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress theme/collection item Jthemes xSmart (xsmart), affecting versions up to and including 1.2.9.4. The issue arises from improper handling/neutralization of user-supplied input during web page generation, enabli...
PT-2026-4121
Name of the Vulnerable Software and Affected Versions: XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme versions through 2.1.0. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusio...
WordPress Sober theme <= 3.5.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Sober versions <= 3.5.12...
WordPress The Aisle theme < 2.9.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Aisle versions < 2.9.1...
CVE-2025-12895
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
EUVD-2026-2816
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
CVE-2025-12895 Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
PT-2026-3002
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers t...
CVE-2025-10915
The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...
WordPress OneLife theme <= 3.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme OneLife versions <= 3.9...
CVE-2025-10915
The Dreamer Blog WordPress theme (≤ 1.2) is reported to be vulnerable to arbitrary plugin installations due to a missing capability check. The CVE entry CVE-2025-10915 maps to this issue. Wordfence notes indicate the Dreamer Blog vulnerability is still unpatched, highlighting a risk of unauthoriz...
CVE-2025-10915 Dreamer Blog <= 1.2 - Subscriber+ Arbitrary Plugin Installation
The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...
PT-2026-2349
The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check...
WordPress Search & Go theme <= 2.8 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Search & Go versions <= 2.8...
WordPress xSmart theme <= 1.2.9.4 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme xSmart versions <= 1.2.9.4...
CVE-2016-10997
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php...
CVE-2016-10972
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel...