CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

CVE-2026-39552

CVE-2026-39552 affects the WordPress Blueprint theme prior to 1.1.5, which suffers from an Improper Control of Filename for Include/Require (PHP Local File Inclusion). The vulnerability arises from inadequate validation of included/required filenames, enabling an attacker to cause local file incl...

CVE-2026-39552 WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects Blueprint: from n/a before 1.1.5...

New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected...

CVE-2026-42685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42684

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ahmad WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.5.1...

WordPress EmergencyWP – Dead Man's switch & legacy deliverance plugin <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by swat in WordPress Plugin EmergencyWP – Dead Man's switch & legacy deliverance versions = 1.4.2...

WordPress Passeum Ticketing plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Passeum Ticketing versions = 1.0...

Exploit for CVE-2026-8206

CVE-2026-8206 - Kirki WordPress Plugin Mass Exploit !Python...

CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

CVE-2026-39551

The CVE-2026-39551 entry concerns the WordPress Töbel theme (versions &lt;= 1.8.1) with a PHP Object Injection /deserialization vulnerability in Töbel. Affected component: Töbel theme; root cause: deserialization of untrusted data enabling object injection. Impact metrics from Patchstack indicate...

CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

CVE-2026-39550

CVE-2026-39550 affects the WordPress Aperitif theme (versions up to 1.6). The issue is a PHP Object Injection caused by deserialization of untrusted data in Aperitif, enabling exploitation via a network vector with no user interaction and no privileges required. The CVSSv3.1 base score is 8.1 (HI...

CVE-2026-39550 WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

CVE-2026-39550 WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

CVE-2026-42685 WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42685 WordPress WP Job Portal plugin <= 2.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

CVE-2026-42685

The CVE-2026-42685 entry concerns the WordPress plugin WP Job Portal (versions up to 2.5.1). The issue is a Reflected Cross-Site Scripting (XSS) vulnerability caused by improper neutralization of input during page generation. Affected product: WP Job Portal. Root cause: insufficient input handlin...

CVE-2026-42684

CVE-2026-42684 affects WordPress WP Job Portal plugin versions up to 2.5.1. It is an SQL Injection due to improper neutralization of special elements in SQL commands, described as a blind SQL injection. According to the sources, the issue impacts the plugin in a network-inspired attack with high ...