263087 matches found
CVE-2026-39568 WordPress Mr. SEO theme <= 2.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...
CVE-2026-39557
CVE-2026-39557 describes an unauthenticated PHP Object Injection in the WordPress NeoBeat theme, version ≤ 1.7. The underlying issue is a PHP object injection vulnerability in NeoBeat’s code path, enabling unauthenticated attackers to potentially manipulate objects and achieve arbitrary code exec...
CVE-2026-39567
CVE-2026-39567 concerns the WordPress Santé theme (versions ≤ 1.5.1) with an unauthenticated PHP Object Injection vulnerability. The issue arises in Santé’s PHP handling, enabling an attacker with network access (no user interaction, no privileges) to exploit a PHP Object Injection vector. The CV...
CVE-2026-39567 WordPress Santé theme <= 1.5.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Santé = 1.5.1 versions...
CVE-2026-39557 WordPress NeoBeat theme <= 1.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in NeoBeat = 1.7 versions...
CVE-2026-39554
CVE-2026-39554 concerns WordPress Theme Fidalgo (versions
CVE-2026-39554 WordPress Fidalgo theme <= 1.2.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Fidalgo = 1.2.2 versions...
CVE-2026-39549
The CVE-2026-39549 entry describes an Unauthenticated Local File Inclusion in the WordPress Aperitif theme (versions
CVE-2026-39548
The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress MagOne theme, version(s) up to and including 9.0. The issue affects the MagOne theme for WordPress and is categorized as a reflected XSS; the exact vulnerable component is not separately ident...
CVE-2026-39549 WordPress Aperitif theme <= 1.5 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...
CVE-2026-39548 WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...
CVE-2026-39547
CVE-2026-39547 : Unauthenticated Local File Inclusion in WordPress Theme Getaway versions before 1.8. The connected records confirm, for Getaway
CVE-2026-39547 WordPress Getaway theme < 1.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Getaway 1.8 versions...
CVE-2026-39539
Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...
CVE-2026-39529
The CVE identifies an unauthenticated PHP Object Injection in WordPress Elementra theme
CVE-2026-39529 WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Elementra = 1.0.9 versions...
CVE-2026-39522
CVE-2026-39522: WordPress Solene theme
CVE-2026-39522 WordPress Solene theme <= 3.4 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Solene = 3.4 versions...
CVE-2026-39446
The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...
CVE-2026-39443
CVE-2026-39443 affects the WordPress EmallShop theme (versions <= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...