CVE-2026-39580

The CVE-2026-39580 entry covers an Unauthenticated PHP Object Injection in the WordPress theme Micdrop versions up to 1.3.1 . The affected component is the Micdrop WordPress theme; the root cause is a PHP Object Injection vulnerability in versions

CVE-2026-39578

CVE-2026-39578 refers to an unauthenticated PHP Object Injection in WordPress Theme Valiance versions

CVE-2026-39577

CVE-2026-39577 concerns unauthenticated PHP Object Injection in WordPress Playroom theme versions

CVE-2026-39568

CVE-2026-39568 affects the WordPress Mr. SEO theme (versions

CVE-2026-39557

CVE-2026-39557 describes an unauthenticated PHP Object Injection in the WordPress NeoBeat theme, version ≤ 1.7. The underlying issue is a PHP object injection vulnerability in NeoBeat’s code path, enabling unauthenticated attackers to potentially manipulate objects and achieve arbitrary code exec...

CVE-2026-39567

CVE-2026-39567 concerns the WordPress Santé theme (versions ≤ 1.5.1) with an unauthenticated PHP Object Injection vulnerability. The issue arises in Santé’s PHP handling, enabling an attacker with network access (no user interaction, no privileges) to exploit a PHP Object Injection vector. The CV...

CVE-2026-39554

CVE-2026-39554 concerns WordPress Theme Fidalgo (versions

CVE-2026-39549

The CVE-2026-39549 entry describes an Unauthenticated Local File Inclusion in the WordPress Aperitif theme (versions

CVE-2026-39548

The CVE describes an unauthenticated Reflected Cross Site Scripting (XSS) vulnerability in the WordPress MagOne theme, version(s) up to and including 9.0. The issue affects the MagOne theme for WordPress and is categorized as a reflected XSS; the exact vulnerable component is not separately ident...

CVE-2026-39547

CVE-2026-39547 : Unauthenticated Local File Inclusion in WordPress Theme Getaway versions before 1.8. The connected records confirm, for Getaway

CVE-2026-39539

Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...

CVE-2026-39529

The CVE identifies an unauthenticated PHP Object Injection in WordPress Elementra theme

CVE-2026-39522

CVE-2026-39522: WordPress Solene theme

CVE-2026-39446

The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...

CVE-2026-39443

CVE-2026-39443 affects the WordPress EmallShop theme (versions <= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...

CVE-2026-39438

CVE-2026-39438 : Unauthenticated SQL Injection in the WordPress ListingPro plugin (versions

CVE-2026-39433

The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions

CVE-2026-34895

The CVE covers WordPress Softlab Core plugin, versions prior to 1.2.11, affected by an unauthenticated Local File Inclusion. The root cause is an LFI flaw in Softlab Core

CVE-2026-34894

CVE-2026-34894 concerns WordPress plugin Integrio Core (

CVE-2026-34893

CVE-2026-34893 – WordPress Thegov Core plugin

CVE-2026-27429

CVE-2026-27429 concerns the WordPress Nifty theme (versions

CVE-2026-12256

The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...

CVE-2026-27395

Vulnerability: WordPress Support Board plugin fallbacks to Privilege Escalation in versions

CVE-2025-69178

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2025-69177

CVE-2025-69177 refers to an Unauthenticated Local File Inclusion in the WordPress Roneous theme ≤ 2.1.5. The vulnerability arises from Local File Inclusion in the Roneous theme, enabling an attacker to access restricted files without authentication. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:...

CVE-2025-69176

Technical details about CVE-2025-69176 are not provided in the supplied documents. Monitor for updates; the initial entry notes unauthenticated Local File Inclusion in ITactics

CVE-2025-69168

CVE-2025-69168 affects the WordPress Spike theme up to version 1.2, with an unauthenticated Local File Inclusion vulnerability. The entry notes LFI without authentication, implying an attacker could access local files. The CVSS 3.1 data (Patchstack) assigns a base score of 8.1 (HIGH) with NETWORK...

CVE-2025-69165

CVE-2025-69165 affects WordPress Choreo theme versions

CVE-2025-69167

Technical details (affected product, root cause, versions, impact, or fixes) are not provided in connected documents. The initial description notes an unauthenticated Local File Inclusion in WordPress Eros theme ≤ 1.3, but no further technical specifics are available in the supplied sources. Moni...

CVE-2025-69163

Technical details about CVE-2025-69163 (affected product/version, exploit specifics, remediation) are not provided in the connected documents. Monitor for updates and new public disclosures.

CVE-2025-69162

Technical details about CVE-2025-69162 are not publicly available in the provided documents. Monitor for updates from vendors/public advisories to obtain concrete affected versions, impact, and fixes.

CVE-2025-69160

CVE-2025-69160 : Unauthenticated Local File Inclusion in WordPress Gita theme

CVE-2025-69159

Technical details about CVE-2025-69159 (such as exact vulnerable components, exploit method, and affected versions) are not provided in the supplied documents. Monitor for official advisories for updates.

CVE-2025-69150

Technical details about CVE-2025-69150 are not provided in the connected documents. The initial description notes an unauthenticated Local File Inclusion in Medeus theme

CVE-2025-69151

CVE-2025-69151 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Grand Car Rental theme, affecting versions up to 3.7. The available description confirms the vulnerability class (XSS) and that exploitation does not require authentication, but the provided mate...

CVE-2025-69149

Technical details about CVE-2025-69149 (Top Dog theme LFI) are not publicly provided in the supplied documents. Please monitor official advisories and vendor patches for affected versions.

CVE-2025-69147

The CVE-2025-69147 entry concerns WordPress Putter theme versions at or below 1.17 with an Unauthenticated Local File Inclusion vulnerability. The issue targets a function/file path exploit allowing an attacker to access local files without authentication. The provided data includes CVSS v3.1 met...

CVE-2025-69146

Technical details for CVE-2025-69146 are not publicly provided in the supplied documents; no confirmed affected products, versions, or fixes are available here. Monitor official advisories for updates.

CVE-2025-69143

Technical details for CVE-2025-69143 are not provided in the supplied documents. The available records note an unauthenticated Local File Inclusion in Mission theme

CVE-2025-69141

Technical details for CVE-2025-69141 (WordPress Kelly Young theme

CVE-2025-69142

Technical details are not publicly provided in the supplied documents for CVE-2025-69142 (WordPress Abelle theme

CVE-2025-69139

CVE-2025-69139 : WordPress Car Zone theme (

CVE-2025-69137

Technical details about CVE-2025-69137 are not provided in the supplied connected documents. The records only indicate a broken access control issue in Genemy theme

CVE-2025-69136

Technical details beyond the CVE entry are not provided in the connected documents. Public specifics (affected product/version, root cause, exploitability, fixes) are not available here; monitor for updates from official sources.

CVE-2025-69125

Technical details about CVE-2025-69125 (WordPress Food Drop theme ≤1.3 LFI) are not provided in the supplied documents. Monitor for updates and future advisories to obtain affected versions, impact, and remediation information.

CVE-2025-69131

Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions

CVE-2025-69124

Technical details about CVE-2025-69124 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor for updates from trusted sources.

CVE-2025-69122

CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...

CVE-2025-69121

Technical details for CVE-2025-69121 (Deliciosa WordPress theme

CVE-2025-69119

CVE-2025-69119 concerns the WordPress Corbesier theme (