262947 matches found
CVE-2026-39539
Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...
CVE-2026-39529 WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...
CVE-2026-39522
CVE-2026-39522: WordPress Solene theme
CVE-2026-39522 WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Solene = 3.4 versions...
CVE-2026-39446
The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...
CVE-2026-39443
CVE-2026-39443 affects the WordPress EmallShop theme (versions <= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...
CVE-2026-39443 WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...
CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
CVE-2026-39438
CVE-2026-39438 : Unauthenticated SQL Injection in the WordPress ListingPro plugin (versions
CVE-2026-39438 WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
CVE-2026-39433
The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions
CVE-2026-34895
The CVE covers WordPress Softlab Core plugin, versions prior to 1.2.11, affected by an unauthenticated Local File Inclusion. The root cause is an LFI flaw in Softlab Core
CVE-2026-34895 WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Softlab Core 1.2.11 versions...
CVE-2026-39433 WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
CVE-2026-34893
CVE-2026-34893 – WordPress Thegov Core plugin
CVE-2026-34894
CVE-2026-34894 concerns WordPress plugin Integrio Core (
CVE-2026-34893 WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
CVE-2026-34894 WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Integrio Core 1.2.8 versions...
CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...
CVE-2026-27429
CVE-2026-27429 concerns the WordPress Nifty theme (versions