CVE-2025-1306

The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2025-1771

The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotelaloneloadmorepost' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

CVE-2025-1305

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2024-2694

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVE-2024-2848

The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefootertextcallback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into th...

EUVD-2025-206256

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0...

CVE-2025-31051

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0...

CVE-2025-31051 WordPress Plant - Gardening & Houseplants WordPress Theme <= 1.0.0 - Sensitive Data Exposure Vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0...

PT-2026-1514

Name of the Vulnerable Software and Affected Versions EngoTheme Plant - Gardening & Houseplants WordPress Theme versions through 1.0.0 Description A flaw exists in EngoTheme Plant - Gardening & Houseplants WordPress Theme that could allow for the retrieval of embedded sensitive data. This issue...

WordPress Phlox plugin <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-caption HTML Attribute vulnerability discovered by Webbernaut in WordPress Theme Phlox versions = 2.17.7...

WordPress Gecko theme <= 1.9.8 - Local File Inclusion vulnerability

Software : Gecko Type : Theme Vulnerable versions : = 1.9.8 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69080 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 0d458b5a65e6 Credits : Tran...

WordPress Black Rider theme <= 1.2.3 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Theme Black Rider versions = 1.2.3...

CVE-2025-62991 WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thinkupthemes Minamaze minamaze allows Stored XSS.This issue affects Minamaze: from n/a through = 1.10.1...

WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Software : Minamaze Type : Theme Vulnerable versions : = 1.10.1 OWASP Top 10 : A3: Injection Classification : Cross Site Scripting XSS CVE ID : CVE-2025-62991 Patchstack priority : Low CVSS severity : 6.5 Required privilege : Contributor Developer : Claim ownership PSID : 8aa231bb7ea9 Credits :...

WordPress Minamaze theme <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Theme Minamaze versions = 1.10.1...

CVE-2025-68987

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Cinerama cinerama allows PHP Local File Inclusion.This issue affects Cinerama: from n/a through = 2.9...

WordPress Sound | Musical Instruments Online Store theme <= 1.6.9 - Deserialization of untrusted data vulnerability

Deserialization of untrusted data vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sound | Musical Instruments Online Store versions = 1.6.9...

WordPress Golo theme <= 1.7.0 - Authentication Bypass to Account Takeover vulnerability

Authentication Bypass to Account Takeover vulnerability discovered by Foxyyy in WordPress Theme Golo versions = 1.7.0...

EUVD-2025-205749

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers cinerama allows PHP Local File Inclusion.This issue affects Cinerama - A WordPress Theme for Movie Studi...

WordPress Electrician - Electrical Service WordPress theme <= 5.6 - Server Side Request Forgery (SSRF) vulnerability

WordPress Electrician - Electrical Service WordPress theme = 5.6 - Server Side Request Forgery SSRF vulnerability discovered by Bonds in WordPress Theme Electrician - Electrical Service WordPress versions = 5.6...