
365298 matches found

CVE, added last week, 8 views

CVE-2026-40756

CVE-2026-40756 describes an unauthenticated PHP Object Injection in the WordPress Zoya theme (≤ 1.4). The underlying issue is in how PHP objects are handled in the theme, enabling crafted input to influence object deserialization. CVSS 3.1 base score 8.1 (HIGH) with network attack vector, high im...

CVSS 8.1, AI score 5.3, EPSS 0.0025
Exploits 0, References 1

CVE, added last week, 10 views

CVE-2026-40752

The WordPress Theme Manufaktur Solutions (versions

CVSS 8.1, AI score 5.3, EPSS 0.00308
Exploits 0, References 1

CVE, added last week, 5 views

CVE-2026-40738

The CVE-2026-40738 entry concerns the WordPress Eldon theme (versions <= 1.4.1) with an unauthenticated PHP Object Injection vulnerability. Connected documents confirm the affected product (Eldon theme), the vulnerable component (PHP object deserialization paths in Eldon

CVSS 8.1, AI score 5.3, EPSS 0.00308
Exploits 0, References 1

CVE, added last week, 6 views

CVE-2026-40733

CVE-2026-40733 – Unauthenticated PHP Object Injection in WordPress ShiftUp theme versions

CVSS 8.1, AI score 5.3, EPSS 0.00308
Exploits 0, References 1

CVE, added last week, 6 views

CVE-2026-40720

Concretely, CVE-2026-40720 affects the WordPress plugin Royal Elementor Addons Pro (versions below 1.7.1041). The issue is an Unauthenticated Cross Site Scripting (XSS) vulnerability discovered in these versions. CVSSv3.1 base score is 7.1 (HIGH) with network exploitation potential, no privileges...

CVSS 7.1, AI score 5.1, EPSS 0.00175
Exploits 0, References 1

CVE, added last week, 5 views

CVE-2026-39590

Summary: CVE-2026-39590 affects the WordPress Atomlab theme (versions ≤ 2.4.5) via an unauthenticated Local File Inclusion weakness. The underlying issue is in Atomlab’s handling of file paths in these versions. Impact: as per CVSS, high severity with potential confidentiality, integrity, and ava...

CVSS 8.1, AI score 5.2, EPSS 0.00338
Exploits 0, References 1

CVE, added last week, 5 views

CVE-2026-39560

CVE-2026-39560 affects WordPress Hiroshi theme

CVSS 8.1, AI score 5.3, EPSS 0.00308
Exploits 0, References 1

CVE, added last week, 6 views

CVE-2026-39576

The CVE describes an unauthenticated PHP Object Injection vulnerability in WordPress theme SingleMalt, version

CVSS 8.1, AI score 5.3, EPSS 0.00395
Exploits 0, References 1

CVE, added last week, 6 views

CVE-2026-39559

CVE-2026-39559 affects WordPress Uppercase theme versions prior to 1.2.2. The vulnerability is an unauthenticated Local File Inclusion (LFI) in the theme, enabling an attacker to access local files. Impact is denoted as high (CVSS 3.1: 8.1) with network attack vector, high complexity, and no user...

CVSS 8.1, AI score 5.2, EPSS 0.00338
Exploits 0, References 1

CVE, added last week, 6 views

CVE-2026-39523

WordPress Solene Core plugin

CVSS 8.1, AI score 5.2, EPSS 0.00338
Exploits 0, References 1

CVE, added last week, 5 views

CVE-2026-39556

The CVE describes an unauthenticated PHP Object Injection vulnerability in WordPress Konsept theme versions <= 1.9. The root cause is an object injection flaw in Konsept

CVSS 8.1, AI score 5.3, EPSS 0.00308
Exploits 0, References 1

CVE, added last week, 7 views

CVE-2026-39442

CVE-2026-39442 affects WordPress PressMart theme versions up to 1.2.26, where an unauthenticated PHP Object Injection vulnerability exists in the theme’s handling of objects. The underlying issue is PHP object injection, enabling an attacker to manipulate serialized objects and potentially execut...

CVSS 8.1, AI score 5.3, EPSS 0.00308
Exploits 0, References 1

CVE, added last week, 7 views

CVE-2026-39445

Affected: WordPress theme Alukas prior to v3.0.0. Vulnerability: PHP Object Injection in versions

CVSS 8.1, AI score 5.3, EPSS 0.00395
Exploits 0, References 1

CVE, added last week, 13 views

CVE-2025-69175

Technical details for CVE-2025-69175 are not provided in the supplied documents; affected versions, exploit specifics, and fixes are not disclosed here. Monitor for updates.

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 11 views

CVE-2025-69174

Technical details about CVE-2025-69174 (Etude theme

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 12 views

CVE-2025-69170

Technical details such as affected files/versions, root cause, impact, and fixes are not provided in the initial or connected documents; monitor for updates.

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 10 views

CVE-2025-69166

Technical details about CVE-2025-69166 (WordPress Gunslinger) are not publicly provided in the supplied documents. No affected versions, root cause, impact, or fixes are present here. Monitor for updates from connected sources.

CVSS 8.1, AI score 5.1, EPSS 0.00435
Exploits 0, References 1

CVE, added last week, 9 views

CVE-2025-69164

Technical details about CVE-2025-69164 (WordPress Skyward theme Local File Inclusion) are not publicly provided in the supplied documents. Monitor for updates from vendors/security advisories.

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 12 views

CVE-2025-69158

Technical details for CVE-2025-69158 are not provided in the connected documents. The initial description notes an unauthenticated Local File Inclusion in Granola

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 12 views

CVE-2025-69157

Technical details about CVE-2025-69157 are not publicly available in the provided documents. Monitor for updates.

CVSS 8.1, AI score 5.1, EPSS 0.00435
Exploits 0, References 1

CVE, added last week, 12 views

CVE-2025-69144

Technical details about CVE-2025-69144 are not provided in the connected documents. The initial entry notes an unauthenticated Local File Inclusion in Preservation theme

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 12 views

CVE-2025-69140

The CVE is for WordPress SweetDate Core plugin versions before 1.1.5, which are affected by an unauthenticated reflected XSS vulnerability. Root cause details aren’t provided in the documents, but the issue is tied to SweetDate Core

CVSS 7.1, AI score 5.1, EPSS 0.0018
Exploits 0, References 1

CVE, added last week, 17 views

CVE-2025-69127

CVE-2025-69127 affects the WordPress theme “Plumbing - Plumber and Handyman WordPress Theme” (Plumbing) <= 1.6. Description: Unauthenticated PHP Object Injection in Plumbing <= 1.6. The available document set provides limited public details beyond the vulnerability type and affected version...

CVSS 9.8, AI score 5.3, EPSS 0.00386
Exploits 0, References 1

CVE, added last week, 13 views

CVE-2025-69130

The CVE-2025-69130 entry concerns the WordPress Entrepreneur - Booking for Small Businesses WordPress Theme (versions

CVSS 8.8, AI score 5.3, EPSS 0.00482
Exploits 0, References 1

CVE, added last week, 11 views

CVE-2025-69126

Fortius WordPress Theme <= 2.3.0 is affected by an unauthenticated Local File Inclusion (LFI) vulnerability. The flaw resides in Fortius

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 10 views

CVE-2025-69123

Public details about CVE-2025-69123 are not provided in the connected documents. Technical specifics (affected version range, impact, or remediation) are not available here. Monitor for updates from authoritative sources.

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 14 views

CVE-2025-69120

CVE-2025-69120 affects the WordPress Dazzle theme (

CVSS 8.1, AI score 5.1, EPSS 0.00435
Exploits 0, References 1

CVE, added last week, 18 views

CVE-2025-69115

Technical details (affected product/version specifics, root cause analysis, impact, and remediation) are not provided in the connected documents; monitor official updates for CVE-2025-69115.

CVSS 8.1, AI score 5.1, EPSS 0.00348
Exploits 0, References 1

CVE, added last week, 12 views

CVE-2025-69111

Technical details for CVE-2025-69111 are not provided in the connected documents. Monitor for updates.

CVSS 9.8, AI score 5.3, EPSS 0.00386
Exploits 0, References 1

CVE, added last week, 9 views

CVE-2025-69106

Technical details (affected version, root cause, impact, remediation) are not provided in the connected documents. The Initial Description confirms a Local File Inclusion in Imba theme

CVSS 8.1, AI score 5.1, EPSS 0.00435
Exploits 0, References 1

CVE, added last week, 9 views

CVE-2025-68524

CVE-2025-68524 affects the WordPress Avante theme in versions prior to 3.0.5, with a Reflected Cross Site Scripting (XSS) vulnerability that is unauthenticated. The issue arises in Avante

CVSS 7.1, AI score 5.1, EPSS 0.0023
Exploits 0, References 1

CVE, added last week, 11 views

CVE-2025-59554

The CVE-2025-59554 entry identifies an unauthenticated SQL injection in the WordPress plugin WordPress Advanced Ads – Tracking for versions before 3.0.7. Affected component: Tracking functionality within the Advanced Ads – Tracking plugin. Root cause: improper handling of input in the tracking fe...

CVSS 9.3, AI score 5.7, EPSS 0.00383
Exploits 0, References 1

CVE, added last week, 10 views

CVE-2025-15657

CVE-2025-15657 affects the WordPress School Management plugin (versions up to 93.1.0). It is an unauthenticated Insecure Direct Object References (IDOR) vulnerability, where an attacker may access object references without authentication. Metrics indicate a CVSS v3.1 base score of 5.3 (Co...

CVSS 5.3, AI score 5.2, EPSS 0.00228
Exploits 0, References 1

CVE, added last week, 10 views

CVE-2026-54193

The CVE-2026-54193 entry concerns the WordPress Fusion Builder plugin version <= 3.15.4, with an Arbitrary File Deletion vulnerability. The issue targets the Fusion Builder component/file handling and is associated with a CVSS v3.1 base score of 7.7 (HIGH), with Network attack vector, low atta...

CVSS 7.7, AI score 5.2, EPSS 0.00337
Exploits 0, References 1

CVE, added last week, 14 views

CVE-2025-59872

The CVE-2025-59872 entry relates to HCL ZIE for Web, which is reported as vulnerable to an Unrestricted File Upload. If the server is configured to execute code and a file is uploaded inside the Webroot, an attacker may achieve command execution on the server via a web shell. The vulnerability de...

CVSS 4.3, AI score 6, EPSS 0.00341
Exploits 0, References 1

CVE, added last week, 12 views

CVE-2026-11975

CVE-2026-11975: In SimplCommerce, stored XSS occurs in the NewsItemApiController before commit 6142d3b5, allowing an authenticated administrator to inject JavaScript via ShortContent and FullContent that are stored without HTML sanitization and rendered with Html.Raw(). Affected: News module adm...

CVSS 6.2, AI score 5.3, EPSS 0.00256
Exploits 0, References 2

CVE, added last week, 11 views

CVE-2025-62340

The CVE affects HCL iControl and describes an Inadequate Session Timeout vulnerability in which a web application does not terminate user sessions after inactivity. Based on the provided data, the issue is categorized with CVSS v3.1 base score 3.1 (LOW) and a network attack vector with high attac...

CVSS 3.1, AI score 5.2, EPSS 0.00189
Exploits 0, References 1

CVE, added last week, 18 views

CVE-2024-37496

CVE-2024-37496 concerns the WordPress Metro Magazine theme (

CVSS 4.3, AI score 5.2, EPSS 0.00208
Exploits 0, References 1

CVE, added last week, 13 views

CVE-2024-37210

CVE-2024-37210 concerns WordPress AliExpress Dropshipping with AliNext Lite plugin

CVSS 6.5, AI score 5.2, EPSS 0.00269
Exploits 0, References 1

CVE, added last week, 29 views

CVE-2024-35690

CVE-2024-35690 – WordPress Widget Options plugin up to version 4.0.1 is vulnerable to sensitive data exposure (Subscriber+). The Patchstack entries (and WPVulnDB reference) indicate vulnerable versions are

CVSS 6.5, AI score 5.2, EPSS 0.00294
Exploits 0, References 1

CVE, added last week, 42 views

CVE-2024-35648

No technical details are provided in the connected documents for CVE-2024-35648 beyond the description of a CSRF vulnerability in the Emergency Password Reset plugin (WordPress)

CVSS 4.3, AI score 5.2, EPSS 0.00127
Exploits 0, References 1

CVE, added last week, 21 views

CVE-2024-33909

CVE-2024-33909 affects WordPress iPages Flipbook (vulnerable up to 1.5.1) and is a Missing Authorization / broken access control issue. The connected records indicate an improper authorization check allowing access to protected resources due to incorrectly configured access control levels. Impact ...

CVSS 5.3, AI score 5.2, EPSS 0.00249
Exploits 0, References 1

CVE, added last week, 18 views

CVE-2025-68405

Technical details for CVE-2025-68405 are not publicly available in the provided documents. Monitor for updates.

Exploits 0

CVE, added last week, 35 views

CVE-2024-32949

Technical details for CVE-2024-32949 are not provided in the supplied documents. No product/version/root-cause/impact/fix specifics are available here. Monitor for official updates from CVE records or vendor advisories.

CVSS 8.3, AI score 5.2, EPSS 0.00293
Exploits 0, References 1

CVE, added last week, 33 views

CVE-2024-32729

CVE-2024-32729 concerns WordPress ChatBot Conversational Forms (QuantumCloud Conversational Forms for ChatBot)

CVSS 7.5, AI score 5.2, EPSS 0.0043
Exploits 0, References 1

CVE, added last week, 16 views

CVE-2026-11858

Quanos SCHEMA ST4 on-premises is affected by a local privilege escalation due to insufficient authorization on the Client Update Service. The service, running as NT AUTHORITY\SYSTEM, exposes a .NET Remoting interface over a named pipe without proper access controls. A local authenticated low-priv...

CVSS 8.4, AI score 5.5, EPSS 0.00126
Exploits 0, References 1

CVE, added last week, 36 views

CVE-2024-24709

CVE-2024-24709 targets the WordPress Shareaholic plugin, affecting versions up to 9.7.11. The root cause is a missing Authorization check on accept_terms_of_service, enabling a user with subscriber-level privileges (or higher) to exploit broken access control. The vulnerability is classified as M...

CVSS 4.3, AI score 8.4, EPSS 0.00192
Exploits 0, References 1

CVE, added last week, 13 views

CVE-2026-11857

The CVE describes a local privilege escalation in Quanos SCHEMA ST4 on-premises, via insecure deserialization in the .NET Remoting endpoint exposed by the Client Update Service. The service uses TypeFilterLevel.Full and binds to local interfaces over named pipes, enabling a local authenticated at...

CVSS 8.4, AI score 6.2, EPSS 0.00273
Exploits 0, References 1

CVE, added last week, 25 views

CVE-2025-31013

Technical details for CVE-2025-31013 are not provided in the supplied documents; no affected products, vectors, or remediation details are disclosed here. Monitor for official updates.

CVSS 7.1, AI score 8.3, EPSS 0.00146
Exploits 0, References 1

CVE, added last week, 40 views

CVE-2024-31435

CVE-2024-31435 affects the WordPress plugin Social Media & Share Icons (versions up to 2.8.6). The issue is a Missing Authorization vulnerability caused by incorrectly configured access control levels, enabling access to protected functionality without proper permissions. The CVE entry lists a Pa...

CVSS 4.3, AI score 5.1, EPSS 0.00208
Exploits 0, References 1

Total number of security vulnerabilities: 365298