262875 matches found
CVE-2025-69105 WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability
Technical details (affected versions beyond Modernee
CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
CVE-2025-69104 WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...
CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
CVE-2025-69103 affects WordPress Brikk theme ≤ 3.0.0. According to the records, a Subscriber can cause Arbitrary Content Deletion. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, Low attack complexity, no privileges required, no user interaction, availability impact. No root-cause deta...
CVE-2025-69104 WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Technical details for CVE-2025-69104 are not provided in the connected documents. Monitor for updates.
CVE-2025-60085 WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Learnify = 1.15.0 versions...
CVE-2025-58924 WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Geya = 1.15 versions...
CVE-2025-60085 WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability
CVE-2025-60085 : Unauthenticated Local File Inclusion in the WordPress Learnify theme (versions
CVE-2025-58924 WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability
Technical details for CVE-2025-58924 are not provided in the supplied documents. No specifics on affected versions beyond
CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...
CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability
CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...
CVE-2026-40750 WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...
CVE-2026-40750
CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...
CVE-2026-8442
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...
CVE-2026-52715
Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...
CVE-2026-8176
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...
CVE-2026-39581
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...
CVE-2025-68045
Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...
CVE-2026-8442 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...
CVE-2026-8176 LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...