
2103 matches found

Vulnrichment
added 2025/11/06 3:54 p.m. (1 views)

CVE-2025-60199 WordPress InHype - Blog & Magazine WordPress Theme theme <= 1.5.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion. This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

CVSS 8.1, AI score 6.7, EPSS 0.00124
Exploits: 0, References: 1
Cvelist
added 2025/11/06 3:54 p.m. (3 views)

CVE-2025-60198 WordPress Saxon - Viral Content Blog & Magazine Marketing WordPress Theme theme <= 1.9.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion. This issue affects Saxon - Viral Content Blog & Magazine Marketing...

CVSS 8.1, EPSS 0.00124
Exploits: 0, References: 1
CVE
added 2025/11/06 3:54 p.m. (6 views)

CVE-2025-60198

CVE-2025-60198 affects the WordPress plugin/theme Saxon – Viral Content Blog & Magazine Marketing WordPress Theme (Saxon) up to version 1.9.3. The issue is an improper control of the filename for include/require statements, enabling PHP Local File Inclusion. Affected component: Saxon theme (PHP c...

CVSS 8.1, AI score 6.7, EPSS 0.00124
Exploits: 0, References: 1
Vulnrichment
added 2025/11/06 3:54 p.m. (1 views)

CVE-2025-58629 WordPress Miraculous theme < 2.0.9 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous: from n/a through 2.0.9...

CVSS 7.5, AI score 6.6, EPSS 0.00063
Exploits: 0, References: 1
CVE
added 2025/11/06 3:54 p.m. (6 views)

CVE-2025-54737

CVE-2025-54737 describes a Reflected XSS in NooTheme Jobmonster/noo-jobmonster due to improper input neutralization during web page generation, affecting WordPress Jobmonster theme

CVSS 7.1, AI score 6, EPSS 0.00031
Exploits: 0, References: 1
CVE
added 2025/11/06 3:54 p.m. (5 views)

CVE-2025-54719

CVE-2025-54719 describes a deserialization of untrusted data vulnerability in the WordPress theme “NooTheme Yogi - Health Beauty & Yoga” (noo-yogi), affecting versions up to and including 2.9.2. The underlying issue is object injection via deserialization. The entry is corroborated by multiple so...

CVSS 8.8, AI score 6.6, EPSS 0.00118
Exploits: 0, References: 1
CVE
added 2025/11/06 3:53 p.m. (11 views)

CVE-2025-48089

CVE-2025-48089 is an SQL Injection vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy (histudy) affecting Education WordPress Theme | HiStudy versions from n/a through

CVSS 9.3, AI score 7.2, EPSS 0.00039
Exploits: 0, References: 1
EUVD
added 2025/11/06 3:53 p.m. (2 views)

EUVD-2025-38018

Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...

CVSS 8.2, AI score 6.2, EPSS 0.00043
Exploits: 0, References: 2
EUVD
added 2025/11/06 3:53 p.m. (3 views)

EUVD-2025-38019

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...

AI score 7.1, EPSS 0.00039
Exploits: 0, References: 2
CVE
added 2025/11/06 3:53 p.m. (26 views)

CVE-2025-39467

CVE-2025-39467 describes a Path Traversal (PHP Local File Inclusion) vulnerability in the WordPress Wanderland theme (Mikado-Themes Wanderland). Affected: Wanderland versions up to 1.7.1. Root cause: unsanitized path traversal allowing LFI. Impact: potential PHP local file inclusion; severity hig...

CVSS 8.1, AI score 8.4, EPSS 0.00324
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2025/11/06 3:53 p.m. (26 views)

CVE-2025-39466

CVE-2025-39466 is a Local File Inclusion vulnerability in the WordPress theme Dør (Mikado-Themes) ≤ 2.4 caused by improper filename handling in PHP include/require. This allows local file inclusion. The issue is fixed in 2.4.1; users should upgrade to 2.4.1 or later. The CVSS 3.1 base score is 8....

CVSS 8.1, AI score 8.5, EPSS 0.00384
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/11/06 12:0 a.m. (2 views)

PT-2025-45203

Path Traversal: '.../...//' vulnerability in CocoBasic Blanka - One Page WordPress Theme blanka-wp allows PHP Local File Inclusion. This issue affects Blanka - One Page WordPress Theme: from n/a through 1.5...

CVSS 8.2, AI score 6.7, EPSS 0.00043
Exploits: 0, References: 2
Positive Technologies
added 2025/11/06 12:0 a.m. (3 views)

PT-2025-45271

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx Saxon - Viral Content Blog & Magazine Marketing WordPress Theme saxon allows PHP Local File Inclusion. This issue affects Saxon - Viral Content Blog & Magazine Marketing...

CVSS 8.2, AI score 7.1, EPSS 0.00124
Exploits: 0, References: 2
CNNVD
added 2025/11/06 12:0 a.m. (2 views)

WordPress plugin Education WordPress Theme | HiStudy SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin Educati...

CVSS 9.3, AI score 7.6, EPSS 0.00039
Exploits: 0, References: 1
Positive Technologies
added 2025/11/06 12:0 a.m. (9 views)

PT-2025-45202

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...

AI score 7.6, EPSS 0.00039
Exploits: 0, References: 2
Positive Technologies
added 2025/11/06 12:0 a.m. (3 views)

PT-2025-45272

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in dedalx InHype - Blog & Magazine WordPress Theme inhype allows PHP Local File Inclusion. This issue affects InHype - Blog & Magazine WordPress Theme: from n/a through = 1.5.2...

CVSS 8.2, AI score 7.1, EPSS 0.00124
Exploits: 0, References: 2
EUVD
added 2025/11/01 9:30 a.m. (2 views)

EUVD-2025-37431

The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 4.7, EPSS 0.00032
Exploits: 0, References: 3
CVE
added 2025/11/01 7:30 a.m. (14 views)

CVE-2025-6988

CVE-2025-6988 affects the WordPress KALLYAS theme. The vulnerability is a stored cross-site scripting (XSS) in the KALLYAS theme via several shortcodes, exploitable on versions

CVSS 6.4, AI score 4.8, EPSS 0.00032
Exploits: 0, References: 2
RedhatCVE
added 2025/11/01 6:58 a.m. (3 views)

CVE-2025-5397

The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the checklogin function not properly verifying a user's identity prior to successfully authenticating them. This makes it possible for unauthenticated attackers...

CVSS 9.8, AI score 6.2, EPSS 0.00389
Exploits: 0, References: 1
Positive Technologies
added 2025/11/01 12:0 a.m. (3 views)

PT-2025-44720

Name of the Vulnerable Software and Affected Versions: kallyas versions prior to 4.23.1. Description: The kallyas theme for WordPress is susceptible to Stored Cross-Site Scripting through multiple shortcodes. Insufficient input sanitization and output escaping on user-supplied attributes allows...

CVSS 6.4, AI score 5.3, EPSS 0.00032
Exploits: 0, References: 7