CVE-2025-60198

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...

CVE-2025-60199

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

CVE-2025-48090

Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...

CVE-2025-48089

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...

EUVD-2025-38116

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

EUVD-2025-38117

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...

CVE-2025-60199

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

CVE-2025-60198

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion.This issue affects Saxon - Viral Content Blog & Magazine Marketing...

CVE-2025-48090

Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion.This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...

CVE-2025-48089

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...

CVE-2025-64287

CVE-2025-64287 concerns WordPress Alloggio - Hotel Booking Theme (Alloggio) versions up to and including 1.8. The issue is an improper control of filenames used in include/require statements, allowing PHP Local File Inclusion (LFI). The vulnerability is described as affecting Alloggio - Hotel Boo...

CVE-2025-62064 WordPress Search & Go theme <= 2.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Elated-Themes Search & Go search-and-go allows Password Recovery Exploitation.This issue affects Search & Go: from n/a through = 2.7...

CVE-2025-62055 WordPress Academist theme < 1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Academist academist.This issue affects Academist: from n/a through 1.3...

CVE-2025-62041

CVE-2025-62041 is a cross-site scripting (XSS) vulnerability in the WordPress theme plugin combination “TheGem (Elementor)” (thegem-elementor). Connected sources confirm an improper neutralization of input during web page generation affecting TheGem (Elementor) versions from n/a through ≤ 5.10.5....

CVE-2025-62041 WordPress TheGem (Elementor) theme <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Elementor thegem-elementor.This issue affects TheGem Elementor: from n/a through = 5.10.5.1...

CVE-2025-62034 WordPress Togo theme < 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...

CVE-2025-62028

CVE-2025-62028 affects the WordPress Salient theme prior to 17.4.0, describing a Missing Authorization/Broken Access Control vulnerability that could allow unauthorized access. The issue is mitigated by upgrading to Salient 17.4.0 or later; no exploit details are provided in the sources.

CVE-2025-62012 WordPress TheGem (Elementor) theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Elementor thegem-elementor.This issue affects TheGem Elementor: from n/a through = 5.10.5...

CVE-2025-60199 WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion.This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

CVE-2025-60199

The CVE-2025-60199 entry is supported by connected documents describing an improper Filename control for Include/Require in PHP leading to a Local File Inclusion in the dedalx InHype WordPress Theme. Affected product: InHype – Blog & Magazine WordPress Theme, version range from unspecified up to ...