CVE-2026-39433

The CVE-2026-39433 entry concerns the WordPress WPAMS plugin (Apartment Management) with versions

CVE-2026-34894

CVE-2026-34894 concerns WordPress plugin Integrio Core (

CVE-2026-34893

CVE-2026-34893 – WordPress Thegov Core plugin

CVE-2026-27429

CVE-2026-27429 concerns the WordPress Nifty theme (versions

CVE-2026-12256

The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...

CVE-2026-27395

Vulnerability: WordPress Support Board plugin fallbacks to Privilege Escalation in versions

CVE-2025-69178

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2025-69177

CVE-2025-69177 refers to an Unauthenticated Local File Inclusion in the WordPress Roneous theme ≤ 2.1.5. The vulnerability arises from Local File Inclusion in the Roneous theme, enabling an attacker to access restricted files without authentication. The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:...

CVE-2025-69176

Technical details about CVE-2025-69176 are not provided in the supplied documents. Monitor for updates; the initial entry notes unauthenticated Local File Inclusion in ITactics

CVE-2025-69168

CVE-2025-69168 affects the WordPress Spike theme up to version 1.2, with an unauthenticated Local File Inclusion vulnerability. The entry notes LFI without authentication, implying an attacker could access local files. The CVSS 3.1 data (Patchstack) assigns a base score of 8.1 (HIGH) with NETWORK...

CVE-2025-69165

CVE-2025-69165 affects WordPress Choreo theme versions

CVE-2025-69167

Technical details (affected product, root cause, versions, impact, or fixes) are not provided in connected documents. The initial description notes an unauthenticated Local File Inclusion in WordPress Eros theme ≤ 1.3, but no further technical specifics are available in the supplied sources. Moni...

CVE-2025-69163

Technical details about CVE-2025-69163 (affected product/version, exploit specifics, remediation) are not provided in the connected documents. Monitor for updates and new public disclosures.

CVE-2025-69162

Technical details about CVE-2025-69162 are not publicly available in the provided documents. Monitor for updates from vendors/public advisories to obtain concrete affected versions, impact, and fixes.

CVE-2025-69160

CVE-2025-69160 : Unauthenticated Local File Inclusion in WordPress Gita theme

CVE-2025-69159

Technical details about CVE-2025-69159 (such as exact vulnerable components, exploit method, and affected versions) are not provided in the supplied documents. Monitor for official advisories for updates.

CVE-2025-69150

Technical details about CVE-2025-69150 are not provided in the connected documents. The initial description notes an unauthenticated Local File Inclusion in Medeus theme

CVE-2025-69151

CVE-2025-69151 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Grand Car Rental theme, affecting versions up to 3.7. The available description confirms the vulnerability class (XSS) and that exploitation does not require authentication, but the provided mate...

CVE-2025-69149

Technical details about CVE-2025-69149 (Top Dog theme LFI) are not publicly provided in the supplied documents. Please monitor official advisories and vendor patches for affected versions.

CVE-2025-69147

The CVE-2025-69147 entry concerns WordPress Putter theme versions at or below 1.17 with an Unauthenticated Local File Inclusion vulnerability. The issue targets a function/file path exploit allowing an attacker to access local files without authentication. The provided data includes CVSS v3.1 met...

CVE-2025-69146

Technical details for CVE-2025-69146 are not publicly provided in the supplied documents; no confirmed affected products, versions, or fixes are available here. Monitor official advisories for updates.

CVE-2025-69143

Technical details for CVE-2025-69143 are not provided in the supplied documents. The available records note an unauthenticated Local File Inclusion in Mission theme

CVE-2025-69141

Technical details for CVE-2025-69141 (WordPress Kelly Young theme

CVE-2025-69142

Technical details are not publicly provided in the supplied documents for CVE-2025-69142 (WordPress Abelle theme

CVE-2025-69139

CVE-2025-69139 : WordPress Car Zone theme (

CVE-2025-69137

Technical details about CVE-2025-69137 are not provided in the supplied connected documents. The records only indicate a broken access control issue in Genemy theme

CVE-2025-69136

Technical details beyond the CVE entry are not provided in the connected documents. Public specifics (affected product/version, root cause, exploitability, fixes) are not available here; monitor for updates from official sources.

CVE-2025-69125

Technical details about CVE-2025-69125 (WordPress Food Drop theme ≤1.3 LFI) are not provided in the supplied documents. Monitor for updates and future advisories to obtain affected versions, impact, and remediation information.

CVE-2025-69131

Affected software: WordPress & WooCommerce Scraper Plugin, Import Data from Any Site (WordPress). Vulnerability: Unauthenticated Arbitrary File Download in versions

CVE-2025-69124

Technical details about CVE-2025-69124 are not publicly available in the provided documents. No affected products, versions, or remediation are specified here. Monitor for updates from trusted sources.

CVE-2025-69122

CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...

CVE-2025-69121

Technical details for CVE-2025-69121 (Deliciosa WordPress theme

CVE-2025-69119

CVE-2025-69119 concerns the WordPress Corbesier theme (

CVE-2025-69116

Technical details for CVE-2025-69116 (WordPress Iona theme

CVE-2025-69118

Technical details about CVE-2025-69118, including exploit vectors, affected WordPress CopyPress theme

CVE-2025-69114

Technical details (affected version, root cause, impact, fix) are not provided in the supplied documents. Monitor for updates.

CVE-2025-69113

Technical details beyond the initial description are not provided in the connected documents. CVE-2025-69113 is described as unauthenticated Local File Inclusion in Nexio

CVE-2025-69112

Technical details for CVE-2025-69112 (Planty WordPress theme

CVE-2025-69109

Technical details for CVE-2025-69109 are not provided in the supplied documents. No affected versions, root cause, impact, or remediation are stated here. Monitor for updates from the connected sources.

CVE-2025-69108

CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (<= 1.7). The description specifies unauthenticated object injection in Hot Coffee

CVE-2025-69107

Technical details about CVE-2025-69107 (affected product/version, root cause, exploitability, impact, fixes) are not provided in the connected documents. Monitor for updates.

CVE-2025-69105

Technical details (affected versions beyond Modernee

CVE-2025-69104

Technical details for CVE-2025-69104 are not provided in the connected documents. Monitor for updates.

CVE-2025-69103

CVE-2025-69103 affects WordPress Brikk theme ≤ 3.0.0. According to the records, a Subscriber can cause Arbitrary Content Deletion. CVSS 3.1 base score 7.5 (HIGH) with NETWORK attack vector, Low attack complexity, no privileges required, no user interaction, availability impact. No root-cause deta...

CVE-2025-60085

CVE-2025-60085 : Unauthenticated Local File Inclusion in the WordPress Learnify theme (versions

CVE-2025-58924

Technical details for CVE-2025-58924 are not provided in the supplied documents. No specifics on affected versions beyond 

CVE-2026-54194

CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...

CVE-2026-50135

CVE-2026-50135 is not described in the Initial Description, but connected evidence details a concrete vulnerability in Hugo. A regression in v0.123.0 introduced a flaw in Hugo’s virtual filesystem where RootMappingFs.statRoot followed symlinks during a direct resources.Get lookup, allowing a syml...

CVE-2026-48294

CVE-2026-48294 concerns Adobe Acrobat PDF Extension (Chrome)

CVE-2026-12348

CVE-2026-12348 concerns Arc Search for Android. The entry describes an address bar spoofing flaw caused by a window.open race condition, enabling a remote attacker to render attacker-controlled content while displaying a trusted domain in the address bar (phishing risk). The CVSSv3.1 vector is pr...