2105 matches found

Patchstack
added 2025/08/30 10:45 p.m., 4 views

WordPress Ziston Theme < 1.4.5 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Bonds in WordPress Theme Ziston versions < 1.4.5...

CVSS 8.1, AI score 6.9, EPSS 0.00158
Exploits: 0, Affected Software: 1
Vulnrichment
added 2025/08/28 12:37 p.m., 1 view

CVE-2025-54724 WordPress Golo Theme <= 1.7.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1...

CVSS 7.1, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 1
Vulnrichment
added 2025/08/28 12:37 p.m., 1 view

CVE-2025-54716 WordPress Ireca Theme <= 1.8.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ovatheme Ireca allows PHP Local File Inclusion. This issue affects Ireca: from n/a through 1.8.5...

CVSS 8.1, AI score 6.6, EPSS 0.00158
Exploits: 0, References: 1
Cvelist
added 2025/08/28 12:37 p.m., 7 views

CVE-2025-53227 WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in unfoldwp Magazine Saga magazine-saga allows PHP Local File Inclusion. This issue affects Magazine Saga: from n/a through <= 1.2.7...

CVSS 8.1, EPSS 0.00158
Exploits: 0, References: 1
Patchstack
added 2025/08/27 7:57 a.m., 3 views

WordPress Pin WP theme < 7.2 - Arbitrary File Upload Vulnerability

Arbitrary File Upload Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Pin WP versions < 7.2...

CVSS 9.9, AI score 6.9, EPSS 0.00113
Exploits: 0, Affected Software: 1
Patchstack
added 2025/08/27 12:0 a.m., 6 views

WordPress Pin WP Theme < 7.2 is vulnerable to Arbitrary File Upload

Software: Pin WP; Type: Theme; Vulnerable versions: < 7.2; Fixed in: 7.2; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-53251; Patch priority: High; CVSS severity: High 9.9; PSID: 85f8a3209836; Credits: Bonds; Required privilege: Subscriber; Published: 27 August...

CVSS 9.9, AI score 7.2, EPSS 0.00113
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-4049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in...

CVSS 3.5, AI score 6.6, EPSS 0.05886
Exploits: 0, References: 2
Patchstack
added 2025/08/26 6:9 p.m., 4 views

WordPress Park - Creative Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability

WordPress Park - Creative Portfolio WordPress theme theme <= 1.6 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Park - Creative Portfolio WordPress Theme versions <= 1.6...

CVSS 8.2, AI score 7.1, EPSS 0.00043
Exploits: 0, Affected Software: 1
Patchstack
added 2025/08/26 6:8 p.m., 3 views

WordPress Seppo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability

WordPress Seppo - Corporate One Page WordPress theme theme <= 1.4 - Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Seppo - Corporate One Page WordPress Theme versions <= 1.4...

CVSS 8.2, AI score 6.8, EPSS 0.00043
Exploits: 0, Affected Software: 1
Patchstack
added 2025/08/26 12:43 p.m., 2 views

WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 - Deserialization of untrusted data Vulnerability

WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 - Deserialization of untrusted data Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Upking - Hiking Club WordPress Theme versions <= 1.4...

CVSS 9.8, AI score 6.9, EPSS 0.00369
Exploits: 0, Affected Software: 1
Patchstack
added 2025/08/26 8:36 a.m., 2 views

WordPress The Restaurant Theme <= 1.4.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Restaurant versions <= 1.4.1...

CVSS 9.8, AI score 7.2, EPSS 0.00369
Exploits: 0, Affected Software: 1
Patchstack
added 2025/08/26 12:0 a.m., 4 views

WordPress Cars4Rent Theme <= 1.4.2 is vulnerable to PHP Object Injection

Software: Cars4Rent; Type: Theme; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49434; Patch priority: High; CVSS severity: High 9.8; PSID: 74545c19b3cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...

CVSS 5.9, AI score 6.3, EPSS 0.00151
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/08/26 12:0 a.m., 3 views

WordPress Upking - Hiking Club WordPress Theme Theme <= 1.4 is vulnerable to Deserialization of untrusted data

Software: Upking - Hiking Club WordPress Theme; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Deserialization of untrusted data; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High 9.8; PSID: 34c449a0330d; Credits: Tran Nguyen...

CVSS 9.8, AI score 8.6, EPSS 0.00369
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2025/08/25 11:35 a.m., 3 views

WordPress Magazine Saga Theme <= 1.2.7 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine Saga versions <= 1.2.7...

CVSS 8.1, AI score 6.9, EPSS 0.00158
Exploits: 0, Affected Software: 1
RedhatCVE
added 2025/08/24 11:42 a.m., 4 views

CVE-2025-9331

The Spacious theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'welcomenoticeimporthandler' function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVSS 4.3, AI score 6.8, EPSS 0.00056
Exploits: 0, References: 1
Patchstack
added 2025/08/23 2:0 p.m., 3 views

WordPress Tourimo theme <= 1.2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tourimo versions <= 1.2.3...

CVSS 8.2, AI score 7.1, EPSS 0.0011
Exploits: 0, Affected Software: 1
RedhatCVE
added 2025/08/23 5:35 a.m., 3 views

CVE-2025-8592

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiroinstallplugin function. This makes it possible for unauthenticated attackers to install plugins from the...

CVSS 8.1, AI score 6.7, EPSS 0.00041
Exploits: 0, References: 1
CNNVD
added 2025/08/23 12:0 a.m., 2 views

WordPress plugin WS Theme Addons Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.4, AI score 5.8, EPSS 0.00053
Exploits: 0, References: 5
RedhatCVE
added 2025/08/22 8:31 a.m., 3 views

CVE-2025-49382

Cross-Site Request Forgery CSRF vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation. This issue affects JobZilla - Job Board WordPress Theme: from n/a through = 2.0...

CVSS 8.8, AI score 5.9, EPSS 0.00031
Exploits: 0, References: 1
Positive Technologies
added 2025/08/22 12:0 a.m., 3 views

PT-2025-34340 · WordPress · Spacious

Name of the Vulnerable Software and Affected Versions: Spacious theme for WordPress versions prior to 1.9.12
Description: The Spacious theme for WordPress is susceptible to unauthorized data modification due to the absence of a capability check within the welcome notice import handler function...

CVSS 4.3, AI score 7.2, EPSS 0.00056
Exploits: 0, References: 7