2105 matches found

NVD
added 2025/09/06 2:15 a.m., 2 views

CVE-2025-7366

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...

7.3 CVSS, 0.00776 EPSS
Exploits: 0, References: 2

NVD
added 2025/09/06 2:15 a.m., 3 views

CVE-2025-7368

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

5.3 CVSS, 0.00102 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/09/06 12:0 a.m., 4 views

PT-2025-36348

Name of the Vulnerable Software and Affected Versions: REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to information exposure due to...

5.3 CVSS, 6.1 AI score, 0.00102 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2025/09/06 12:0 a.m., 6 views

PT-2025-36349

Name of the Vulnerable Software and Affected Versions: AdForest WordPress Theme versions prior to 6.1.0 Description: The AdForest theme for WordPress is susceptible to an authentication bypass, allowing unauthorized user access. The theme does not properly verify a user’s identity before...

9.8 CVSS, 6.4 AI score, 0.00501 EPSS
Exploits: 1, References: 11

Positive Technologies
added 2025/09/06 12:0 a.m., 3 views

PT-2025-36347

Name of the Vulnerable Software and Affected Versions: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme versions prior to 19.9.8 Description: The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme for WordPress is susceptible to arbitrary shortcode execution...

7.3 CVSS, 6.8 AI score, 0.00776 EPSS
Exploits: 0, References: 8

Cvelist
added 2025/09/05 4:18 p.m., 8 views

CVE-2025-58214 WordPress Indutri Theme < 1.3.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Indutri indutri allows PHP Local File Inclusion. This issue affects Indutri: from n/a through 1.3.0...

8.1 CVSS, 0.00158 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/05 4:17 p.m., 13 views

CVE-2025-58628

CVE-2025-58628 refers to a SQL injection vulnerability in the WordPress theme Miraculous (versions before 2.0.9). The issue is caused by improper neutralization of special elements in SQL commands, enabling blind SQL injection. Public writeups and vulnerability feeds confirm affected software as ...

9.3 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits: 0, References: 1

CVE
added 2025/09/05 1:45 p.m., 8 views

CVE-2025-58813

CVE-2025-58813 concerns the WordPress Consultstreet Theme

4.3 CVSS, 5.9 AI score, 0.00055 EPSS
Exploits: 0, References: 1

Patchstack
added 2025/09/05 1:29 p.m., 3 views

WordPress Shk Corporate Theme <= 2.4.1.1 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Martino Spagnuolo r3verii in WordPress Theme Shk Corporate versions <= 2.4.1.1...

4.3 CVSS, 6.9 AI score, 0.00055 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2025/09/05 1:26 p.m., 3 views

WordPress Consultstreet Theme <= 3.0.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Anhchangmutrang in WordPress Theme Consultstreet versions <= 3.0.0...

4.3 CVSS, 6.9 AI score, 0.00055 EPSS
Exploits: 0, Affected Software: 1

CVE
added 2025/09/05 6:0 a.m., 12 views

CVE-2025-8944

CVE-2025-8944 affects the OceanWP WordPress theme prior to 4.1.2. A missing capability check in an AJAX request handler allows any authenticated user (e.g., a subscriber) to update the darkMod setting. The issue is rooted in insufficient access control within the theme’s option update flow. Remed...

4.3 CVSS, 6 AI score, 0.00061 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2025/09/05 4:15 a.m., 1 views

CVE-2025-8684

The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4 CVSS, 0.00053 EPSS
Exploits: 0, References: 2

Patchstack
added 2025/09/05 12:0 a.m., 2 views

WordPress SoftMe Theme <= 1.1.24 is vulnerable to Broken Access Control

Software: SoftMe; Type: Theme; Vulnerable versions: <= 1.1.24; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-58817; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 73da99fa2c92; Credits: Martino Spagnuolo r3verii; Required...

4.3 CVSS, 5.8 AI score, 0.00055 EPSS
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/09/04 2:34 p.m., 3 views

WordPress Farm Agrico theme <= 1.3.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Farm Agrico versions <= 1.3.11...

8.1 CVSS, 7.1 AI score, 0.00226 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2025/09/04 2:29 p.m., 3 views

WordPress Exit Game theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Exit Game versions <= 1.4.3...

8.1 CVSS, 7.1 AI score, 0.0011 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2025/09/04 2:22 p.m., 3 views

WordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme EasyEat versions <= 1.9.0...

9.8 CVSS, 7.1 AI score, 0.00146 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2025/09/04 1:43 p.m., 4 views

WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Barber Shop versions <= 1.9...

7.3 AI score
Exploits: 0, Affected Software: 1

Patchstack
added 2025/09/03 3:6 p.m., 5 views

WordPress SaasLauncher Theme <= 1.3.0 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Theme SaasLauncher versions <= 1.3.0...

5 CVSS, 6.9 AI score, 0.00055 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2025/09/02 12:42 p.m., 3 views

WordPress Rentic theme <= 1.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Rentic versions <= 1.1...

8.1 CVSS, 7 AI score, 0.0011 EPSS
Exploits: 0, Affected Software: 1

Patchstack
added 2025/09/01 5:58 p.m., 7 views

WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Miraculous versions < 2.0.9...

9.3 CVSS, 8 AI score, 0.00059 EPSS
Exploits: 0, Affected Software: 1