WordPress Magazine Theme <= 1.2.2 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Le Ngoc Anh in WordPress Theme Magazine versions <= 1.2.2...
CVE-2025-6758
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticate...
CVE-2025-8592
CVE-2025-8592 affects the Inspiro WordPress theme (versions up to 2.1.2). It is a Cross-Site Request Forgery defect due to missing/incorrect nonce validation in inspiro_install_plugin(), enabling unauthenticated attackers to trigger plugin installations via forged requests if a site admin clicks ...
PT-2025-34189
Name of the Vulnerable Software and Affected Versions: Inspiro theme for WordPress versions prior to 2.1.3 Description: The Inspiro theme for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the inspiro_install_plugin function. This allows...
WordPress Sala Theme <= 1.1.6 - Local File Inclusion Vulnerability
Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sala versions <= 1.1.6...
CVE-2025-49382
Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla - Job Board WordPress Theme jobzilla allows Privilege Escalation. This issue affects JobZilla - Job Board WordPress Theme: from n/a through <= 2.0...
CVE-2025-49382
CVE-2025-49382 refers to a Cross-Site Request Forgery (CSRF) vulnerability in the DexignZone JobZilla - Job Board WordPress Theme (versions up to 2.0). The issue enables privilege escalation and affects unauthenticated users, per Patchstack and CVE entries. The vulnerability stems from CSRF prote...
PT-2025-33933 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: DexignZone JobZilla - Job Board WordPress Theme versions n/a through 2.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in DexignZone JobZilla - Job Board WordPress Theme, potentially leading to privilege escalation...
WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: JobZilla - Job Board WordPress Theme; Type: Theme; Vulnerable versions: <= 2.0; Fixed in: 2.0.1; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2025-49382; Patch priority: Low; CVSS severity: Low 8.8; PSID: 33cb80ce3eab; Credi...
WordPress Houzez Theme <= 4.1.1 is vulnerable to Broken Access Control
Software: Houzez; Type: Theme; Vulnerable versions: <= 4.1.1; Fixed in: 4.1.4; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2025-49406; Patch priority: Low; CVSS severity: Low 5.3; PSID: 920f9b9106ce; Credits: Rafie Muhammad Patchstack; Required...
CVE-2025-8218
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...
CVE-2025-6758 Real Spaces - WordPress Properties Directory Theme <= 3.6 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register'
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticate...
CVE-2025-8218 Real Spaces - WordPress Properties Directory Theme <= 3.5 - Authenticated (Subscriber+) Privilege Escalation to Administrator via 'change_role_member'
The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for...
WordPress Rare Radio theme <= 1.0.15.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Rare Radio versions <= 1.0.15.1...
WordPress BugsPatrol theme <= 1.5.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Theme BugsPatrol versions <= 1.5.0...
PT-2025-33710 · WordPress · Real Spaces - Wordpress Properties Directory Theme
Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.6 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the change_role_member parameter during...
CVE-2025-8105
The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for...
CVE-2025-8142
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'headerlayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the serve...
PT-2025-33592 · WordPress · Soledad
Name of the Vulnerable Software and Affected Versions: Soledad theme for WordPress versions prior to 8.6.8 Description: The Soledad theme for WordPress is susceptible to Stored Cross-Site Scripting via the pcsml smartlists h parameter due to insufficient input sanitization and output escaping. Th...
WordPress Findgo Theme <= 1.3.57 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by 0xd4rk5id3 in WordPress Theme Findgo versions <= 1.3.57...