CVE-2025-47579

CVE-2025-47579 is a WordPress Photography Theme vulnerability (ThemePhotography/Photography) characterized by unauthenticated deserialization of untrusted data, leading to a PHP Object Injection condition. Affected versions are Photography up to 7.5.2. The issue is unauthenticated and impacts the...

CVE-2025-47579 WordPress Photography theme <= 7.5.2 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2...

CVE-2025-10134 Goza - Nonprofit Charity WordPress Theme <= 3.2.2 - Missing Authorization to Unauthenticated Arbitrary File Deletion

The Goza - Nonprofit Charity WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the aloneimportpackrestoredata function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to delete...

PT-2025-36678

Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme versions through 3.2.2 Description: The Goza - Nonprofit Charity WordPress Theme is susceptible to arbitrary file deletion due to inadequate file path validation within the alone import pack restore da...

CVE-2025-9114

The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticat...

CVE-2025-9113

The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2025-9113 Doccure Core <= 1.5.3 - Unauthenticated Arbitrary File Upload

The Doccure Core plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.5.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2025-9113 Doccure <= 1.4.8 - Unauthenticated Arbitrary File Upload

The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccuretempuploadtomedia' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...

CVE-2025-9113

CVE-2025-9113 concerns the Doccure WordPress theme. The vulnerability is an unauthenticated arbitrary file upload due to missing file-type validation in the doccure_temp_upload_to_media function, affecting all versions up to and including 1.4.8. Consequence: potential remote code execution on the...

WordPress ShoppyStore theme <= 3.7.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme ShoppyStore versions = 3.7.16...

WordPress Wise Move Theme <= 1.1.15 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Wise Move versions = 1.1.15...

WordPress ChainPress Theme <= 1.0.14 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme ChainPress versions = 1.0.14...

WordPress Albertino Theme <= 2.17.0.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Albertino versions = 2.17.0.0...

WordPress ProDent Theme <= 1.5.9 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme ProDent versions = 1.5.9...

WordPress Healthy Blog Theme <= 1.2.8 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Healthy Blog versions = 1.2.8...

WordPress Credit Card Experience Theme <= 1.2.15 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Credit Card Experience versions = 1.2.15...

WordPress Lab Theme <= 1.0.0 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Theme Lab versions = 1.0.0...

WordPress ProRange Theme <= 2.3 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme ProRange versions = 2.3...

WordPress Custom Made Theme <= 1.1.17 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh in WordPress Theme Custom Made versions = 1.1.17...

CVE-2025-8359

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...