CVE-2025-7368
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...
CVE-2025-7366
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...
WordPress Callie Britt Theme <= 1.2.3 is vulnerable to Local File Inclusion
Software: Callie Britt; Type: Theme; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 14891aeee80a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress City Hostel Theme <= 1.2.3 is vulnerable to Local File Inclusion
Software: City Hostel; Type: Theme; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 3b527ab49278; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Gutentype Theme <= 2.1.11 is vulnerable to Local File Inclusion
Software: Gutentype; Type: Theme; Vulnerable versions: <= 2.1.11; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 42f4a10f514e; Credits: Bonds; Required privilege: Unauthenticated; Publish...
WordPress Translang Theme <= 1.1.16 is vulnerable to Local File Inclusion
Software: Translang; Type: Theme; Vulnerable versions: <= 1.1.16; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: f5cee4143f4e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress PathWell Theme <= 1.1.16 is vulnerable to Local File Inclusion
Software: PathWell; Type: Theme; Vulnerable versions: <= 1.1.16; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 48d7c14445e6; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress AlphaColor Theme <= 1.4.11.1 is vulnerable to Local File Inclusion
Software: AlphaColor; Type: Theme; Vulnerable versions: <= 1.4.11.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 64fc4d9d2990; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Anesta Theme <= 1.2.1 is vulnerable to Local File Inclusion
Software: Anesta; Type: Theme; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: f2fff1320acd; Credits: Bonds; Required privilege: Unauthenticated; Published: 8...
WordPress Albertino Theme <= 2.17.0.0 is vulnerable to Local File Inclusion
Software: Albertino; Type: Theme; Vulnerable versions: <= 2.17.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 40ad094b629a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress ProGuards Theme <= 2.13.0 is vulnerable to Local File Inclusion
Software: ProGuards; Type: Theme; Vulnerable versions: <= 2.13.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 854fcc2996a0; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Travesia Theme <= 1.1.15 is vulnerable to Local File Inclusion
Software: Travesia; Type: Theme; Vulnerable versions: <= 1.1.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 68dec7b64a09; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Smart Casa Theme <= 1.0.11 is vulnerable to Local File Inclusion
Software: Smart Casa; Type: Theme; Vulnerable versions: <= 1.0.11; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: fbd7731da0a1; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Credit Card Experience Theme <= 1.2.15 is vulnerable to Local File Inclusion
Software: Credit Card Experience; Type: Theme; Vulnerable versions: <= 1.2.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 660aaadb7556; Credits: Tran Nguyen Bao Khanh VCI - VNPT...
WordPress HotLock Theme <= 1.3.9 is vulnerable to Local File Inclusion
Software: HotLock; Type: Theme; Vulnerable versions: <= 1.3.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 457feca0b67b; Credits: Bonds; Required privilege: Unauthenticated; Published: ...
WordPress Birdily | Travel Agency & Tour Booking WordPress Theme Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software: Birdily | Travel Agency & Tour Booking WordPress Theme; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: d54eefcef883; Credits: Tran...
WordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Aiden in WordPress Theme Scape versions <= 1.5.13...
CVE-2025-8359
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...
CVE-2025-8359 AdForest <= 6.0.9 - Authentication Bypass to Admin
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users,...
CVE-2025-8359
CVE-2025-8359 affects the WordPress AdForest theme up to version 6.0.9. The issue is an Authentication Bypass caused by improper user identity verification during login, allowing unauthenticated attackers to log in as other users (including administrators). Public details confirm a high-severity ...