CVE-2026-25464

CVE-2026-25464 affects the WordPress plugin Jannah (Jannah – Newspaper Magazine News BuddyPress AMP). The Wordfence and NVD entries describe an "Imporper Control of Filename for Include/Require Statement" vulnerability that enables PHP Local File Inclusion via manipulated include/require targets....

CVE-2026-25454 WordPress The League theme <= 4.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in MVPThemes The League the-league allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The League: from n/a through = 4.4.1...

CVE-2026-25382

CVE-2026-25382 affects the IdealAuto WordPress theme (IdealAuto) version prior to 3.8.6. The vulnerability is an Unauthenticated Local File Inclusion due to improper control of the filename used by PHP include/require statements (PHP Remote File Inclusion vector). Exploitation could allow an atta...

CVE-2026-25373 WordPress Vayvo - Media Streaming & Membership WordPress Theme theme < 6.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ProgressionStudios Vayvo vayvo-progression allows Reflected XSS.This issue affects Vayvo: from n/a through 6.8...

CVE-2026-25352 WordPress MyDecor theme < 1.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup MyDecor mydecor allows Reflected XSS.This issue affects MyDecor: from n/a through 1.5.9...

CVE-2026-25350 WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in skygroup Miti miti allows Reflected XSS.This issue affects Miti: from n/a through 1.5.3...

CVE-2026-25350

CVE-2026-25350 is a Reflected XSS vulnerability in the Miti WordPress theme (Miti miti) affecting versions

CVE-2026-25340 WordPress Jobmonster theme < 4.8.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

CVE-2026-25031

The CVE-2026-25031 advisory describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Tasty Daily by park_of_ideas. Concrete details across connected sources show that the issue is an Object Injection vulnerability in Tasty Daily tastydaily prior to version 1.27, caused b...

CVE-2026-25031 WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in parkofideas Tasty Daily tastydaily allows Object Injection.This issue affects Tasty Daily: from n/a through 1.27...

CVE-2026-25029 WordPress KIDZ theme <= 5.24 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in parkofideas KIDZ kidz allows Object Injection.This issue affects KIDZ: from n/a through = 5.24...

CVE-2026-22513

CVE-2026-22513 corresponds to a Local File Inclusion in the WordPress Triompher theme (Triompher) up to version 1.1.0, caused by improper control of filenames used in PHP include/require. The vulnerability allows inclusion of local files via the theme’s PHP code; exploitation details and risk spe...

CVE-2026-22509 WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...

CVE-2026-22508 WordPress Dentalux theme <= 3.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through = 3.3...

CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

CVE-2026-22502

CVE-2026-22502 (WordPress Mr. Cobbler theme

CVE-2026-22496 WordPress Hypnotherapy theme <= 1.2.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Hypnotherapy hypnotherapy allows PHP Local File Inclusion.This issue affects Hypnotherapy: from n/a through = 1.2.10...

WordPress Miti theme < 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Miti versions 1.5.3...

WordPress Trendustry theme <= 1.1.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO in WordPress Theme Trendustry versions = 1.1.4...