263044 matches found
CVE-2026-39446
The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...
CVE-2026-39443
CVE-2026-39443 affects the WordPress EmallShop theme (versions <= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...
CVE-2026-39443 WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...
CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
CVE-2026-39438
CVE-2026-39438 : Unauthenticated SQL Injection in the WordPress ListingPro plugin (versions
CVE-2026-39438 WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
CVE-2026-34895
The CVE covers WordPress Softlab Core plugin, versions prior to 1.2.11, affected by an unauthenticated Local File Inclusion. The root cause is an LFI flaw in Softlab Core
CVE-2026-39433
The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions
CVE-2026-39433 WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in WPAMS 49.5.3 versions...
CVE-2026-34895 WordPress Softlab Core plugin < 1.2.11 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Softlab Core 1.2.11 versions...
CVE-2026-34894
CVE-2026-34894 concerns WordPress plugin Integrio Core (
CVE-2026-34893
CVE-2026-34893 – WordPress Thegov Core plugin
CVE-2026-34894 WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Integrio Core 1.2.8 versions...
CVE-2026-34893 WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...
CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...
CVE-2026-27429
CVE-2026-27429 concerns the WordPress Nifty theme (versions
CVE-2026-12256
The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...
CVE-2026-27395
Vulnerability: WordPress Support Board plugin fallbacks to Privilege Escalation in versions
CVE-2026-12256 WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Avada = 3.15.3 versions...
CVE-2026-27395 WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability
Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...