CVE-2025-69107 WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...

CVE-2025-69105 WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Modernee = 1.6.0 versions...

CVE-2025-69105

Technical details (affected versions beyond Modernee

CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...

CVE-2025-69104

Technical details for CVE-2025-69104 are not provided in the connected documents. Monitor for updates.

CVE-2025-69103

CVE-2025-69103 affects WordPress Brikk theme ≤ 3.0.0. According to the records, a Subscriber can cause Arbitrary Content Deletion. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, Low attack complexity, no privileges required, no user interaction, availability impact. No root-cause deta...

CVE-2025-69104 WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Qreatix = 1.9.4 versions...

CVE-2025-60085 WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Learnify = 1.15.0 versions...

CVE-2025-60085

CVE-2025-60085 : Unauthenticated Local File Inclusion in the WordPress Learnify theme (versions

CVE-2025-58924

Technical details for CVE-2025-58924 are not provided in the supplied documents. No specifics on affected versions beyond 

CVE-2025-58924 WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Geya = 1.15 versions...

CVE-2026-54194

CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...

CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...

CVE-2026-40750 WordPress Kids Online Store theme <= 0.8.9 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server. This issue affects Kids Online Store: from n/a through 0.8.9...

CVE-2026-40750

CVE-2026-40750 : The WordPress Kids Online Store theme (versions up to 0.8.9) is affected by an arbitrary file upload vulnerability described as Unrestricted Upload of File with Dangerous Type, enabling upload of a web shell to the web server. Connected documents corroborate the issue and specify...

CVE-2026-8442

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...

CVE-2026-8176

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.5.1. The plugin chains three independent flaws that together allow an authenticated Agent Agent+ to overwrite a...

CVE-2026-52715

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

CVE-2026-39581

Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic = 1.1.4 versions...

CVE-2025-68045

Unauthenticated Broken Access Control in WP Event SOlution = 4.1.12 versions...