263129 matches found
CVE-2025-69109 WordPress Raider Spirit theme <= 1.1.2 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Raider Spirit = 1.1.2 versions...
CVE-2025-69108 WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Hot Coffee = 1.7 versions...
CVE-2025-69107 WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...
CVE-2025-69108
CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (<= 1.7). The description specifies unauthenticated object injection in Hot Coffee
CVE-2025-69107
Technical details about CVE-2025-69107 (affected product/version, root cause, exploitability, impact, fixes) are not provided in the connected documents. Monitor for updates.
CVE-2025-69105 WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Modernee = 1.6.0 versions...
CVE-2025-69105
Technical details (affected versions beyond Modernee
CVE-2025-69104 WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...
CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
CVE-2025-69104
Technical details for CVE-2025-69104 are not provided in the connected documents. Monitor for updates.
CVE-2025-69103
CVE-2025-69103 affects WordPress Brikk theme ≤ 3.0.0. According to the records, a Subscriber can cause Arbitrary Content Deletion. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, Low attack complexity, no privileges required, no user interaction, availability impact. No root-cause deta...
CVE-2025-58924 WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Geya = 1.15 versions...
CVE-2025-60085 WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Learnify = 1.15.0 versions...
CVE-2025-60085
CVE-2025-60085 : Unauthenticated Local File Inclusion in the WordPress Learnify theme (versions
CVE-2025-58924
Technical details for CVE-2025-58924 are not provided in the supplied documents. No specifics on affected versions beyond
CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...
CVE-2026-54194
CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...
CVE-2026-40750 WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...
CVE-2026-40750
CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...
CVE-2026-8442
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...