CVE-2026-40739 WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive = 1.4 versions...

CVE-2026-40739

CVE-2026-40739 affects the WordPress LuxeDrive theme versions

CVE-2026-40736

WordPress Laurits theme

CVE-2026-39580 WordPress Micdrop theme <= 1.3.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Micdrop = 1.3.1 versions...

CVE-2026-39580

The CVE-2026-39580 entry covers an Unauthenticated PHP Object Injection in the WordPress theme Micdrop versions up to 1.3.1 . The affected component is the Micdrop WordPress theme; the root cause is a PHP Object Injection vulnerability in versions

CVE-2026-39578 WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Valiance = 1.2 versions...

CVE-2026-39577 WordPress Playroom theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Playroom = 1.4.1 versions...

CVE-2026-39577

CVE-2026-39577 concerns unauthenticated PHP Object Injection in WordPress Playroom theme versions

CVE-2026-39578

CVE-2026-39578 refers to an unauthenticated PHP Object Injection in WordPress Theme Valiance versions

CVE-2026-39568 WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...

CVE-2026-39568

CVE-2026-39568 affects the WordPress Mr. SEO theme (versions

CVE-2026-39567 WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Santé = 1.5.1 versions...

CVE-2026-39567

CVE-2026-39567 concerns the WordPress Santé theme (versions ≤ 1.5.1) with an unauthenticated PHP Object Injection vulnerability. The issue arises in Santé’s PHP handling, enabling an attacker with network access (no user interaction, no privileges) to exploit a PHP Object Injection vector. The CV...

CVE-2026-39557

CVE-2026-39557 describes an unauthenticated PHP Object Injection in the WordPress NeoBeat theme, version ≤ 1.7. The underlying issue is a PHP object injection vulnerability in NeoBeat’s code path, enabling unauthenticated attackers to potentially manipulate objects and achieve arbitrary code exec...

CVE-2026-39557 WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...

CVE-2026-39554 WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...

CVE-2026-39554

CVE-2026-39554 concerns WordPress Theme Fidalgo (versions

CVE-2026-39548 WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...

CVE-2026-39549 WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...

CVE-2026-39548

The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress MagOne theme, version(s) up to and including 9.0. The issue affects the MagOne theme for WordPress and is categorized as a reflected XSS; the exact vulnerable component is not separately ident...