CVE-2026-28116 WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...

CVE-2026-28116

CVE-2026-28116 affects the WordPress Progress Planner plugin up to version 1.9.0. The issue is a Stored XSS due to improper neutralization of input during web page generation. Under CVSS 3.1, the impact is Low for confidentiality, integrity, and availability, with a Network attack vector, Low att...

WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hongdo in WordPress Plugin Progress Planner versions = 1.9.0...

WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Baikuya in WordPress Plugin WP Job Portal versions = 2.5.2...

WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Austin Ginder in WordPress Plugin Simple Shopping Cart versions = 5.2.9...

CVE-2025-68886 WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

CVE-2025-68886 WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from n/a through 1.4.8...

CVE-2025-68886

CVE-2025-68886 is a WordPress Cookiteer theme vulnerable to Local File Inclusion (LFI) due to improper filename handling in PHP Include/Require. Affected: Cookiteer versions up to 1.4.8. The vulnerability is classified as high risk (CVSS v3.1 base score 8.1; Attack Vector: Network; Impact: Confid...

CVE-2025-69369 WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

CVE-2025-69369 WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from n/a through 1.12.0...

CVE-2025-69369

CVE-2025-69369 is a Local File Inclusion vulnerability in the WordPress theme Racquet (Racquet

WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Aliefis in WordPress Plugin Visual Link Preview versions = 2.4.1...

CVE-2025-58897 WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

CVE-2025-58897 WordPress Fermentio theme <= 1.5.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Fermentio allows PHP Local File Inclusion. This issue affects Fermentio: from n/a through 1.5.0...

CVE-2025-58897

The CVE-2025-58897 entry concerns the WordPress Fermentio theme (

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

CVE-2025-58707 WordPress Spin theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Axiomthemes Spin allows PHP Local File Inclusion. This issue affects Spin: from n/a through 1.8...

CVE-2025-58707

The CVE-2025-58707 issue is a Local File Inclusion vulnerability in the WordPress Spin theme (Spin) versions up to 1.8. It arises from improper handling of filenames for include/require statements in a PHP program, enabling PHP LFI. Affected product: Axiomthemes Spin (WordPress Spin theme

WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin King Addons for Elementor versions = 51.1.62...

CVE-2026-39555

The CVE-2026-39555 entry concerns the WordPress Askka theme (versions up to 1.3.1). The vulnerability is a PHP Object Injection via a deserialization of untrusted data in the Askka plugin/theme, allowing object injection. Affected component: WordPress Askka theme