45987 matches found
WordPress ProGuards Theme <= 2.13.0 is vulnerable to Local File Inclusion
Software: ProGuards; Type: Theme; Vulnerable versions: <= 2.13.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 854fcc2996a0; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Tax Help Theme <= 2.16.0 is vulnerable to Local File Inclusion
Software: Tax Help; Type: Theme; Vulnerable versions: <= 2.16.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 9ffdcb2a6e0e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Albertino Theme <= 2.17.0.0 is vulnerable to Local File Inclusion
Software: Albertino; Type: Theme; Vulnerable versions: <= 2.17.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 40ad094b629a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress Happy Rider Theme <= 2.12.0 is vulnerable to Local File Inclusion
Software: Happy Rider; Type: Theme; Vulnerable versions: <= 2.12.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 2a832be985c0; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress City Hostel Theme <= 1.2.3 is vulnerable to Local File Inclusion
Software: City Hostel; Type: Theme; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 3b527ab49278; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Chrimson Theme <= 2.2 is vulnerable to Local File Inclusion
Software: Chrimson; Type: Theme; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: ce3b9ba9d24e; Credits: Bonds; Required privilege: Unauthenticated; Published: 8...
WordPress ProDent Theme <= 1.5.9 is vulnerable to Local File Inclusion
Software: ProDent; Type: Theme; Vulnerable versions: <= 1.5.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 720bb591f012; Credits: Bonds; Required privilege: Unauthenticated; Published ...
WordPress Studeon Theme <= 1.1.15 is vulnerable to Local File Inclusion
Software: Studeon; Type: Theme; Vulnerable versions: <= 1.1.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: c0553580bcf0; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Healthy Blog Theme <= 1.2.8 is vulnerable to Local File Inclusion
Software: Healthy Blog; Type: Theme; Vulnerable versions: <= 1.2.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 0d2d1669d802; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress Credit Card Experience Theme <= 1.2.15 is vulnerable to Local File Inclusion
Software: Credit Card Experience; Type: Theme; Vulnerable versions: <= 1.2.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 660aaadb7556; Credits: Tran Nguyen Bao Khanh VCI - VNPT...
WordPress Alhambra Theme <= 1.1.13 is vulnerable to Local File Inclusion
Software: Alhambra; Type: Theme; Vulnerable versions: <= 1.1.13; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 6120b67a2169; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Preston Theme <= 1.1.9 is vulnerable to Local File Inclusion
Software: Preston; Type: Theme; Vulnerable versions: <= 1.1.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: c095dd0e4598; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Translang Theme <= 1.1.16 is vulnerable to Local File Inclusion
Software: Translang; Type: Theme; Vulnerable versions: <= 1.1.16; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: f5cee4143f4e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Travesia Theme <= 1.1.15 is vulnerable to Local File Inclusion
Software: Travesia; Type: Theme; Vulnerable versions: <= 1.1.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 68dec7b64a09; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Hogwords Theme <= 1.2.6 is vulnerable to Local File Inclusion
Software: Hogwords; Type: Theme; Vulnerable versions: <= 1.2.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: ee13435740c8; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Artesia Theme <= 1.0.14 is vulnerable to Local File Inclusion
Software: Artesia; Type: Theme; Vulnerable versions: <= 1.0.14; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: e13b63e45801; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Bonko Theme <= 1.0.14 is vulnerable to Local File Inclusion
Software: Bonko; Type: Theme; Vulnerable versions: <= 1.0.14; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: ea85145eb2a8; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Birdily | Travel Agency & Tour Booking WordPress Theme Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software: Birdily | Travel Agency & Tour Booking WordPress Theme; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: d54eefcef883; Credits: Tran...
WordPress A.Williams Theme <= 1.3.0 is vulnerable to Local File Inclusion
Software: A.Williams; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: e62a941b1ab1; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress MediaFlex Theme <= 1.3.0 is vulnerable to Local File Inclusion
Software: MediaFlex; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 464e3d98edb3; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Drone Media Theme <= 2.2.0 is vulnerable to Local File Inclusion
Software: Drone Media; Type: Theme; Vulnerable versions: <= 2.2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: eedad8a1091f; Credits: Bonds; Required privilege: Unauthenticated...
WordPress Edema Theme <= 1.2.1 is vulnerable to Local File Inclusion
Software: Edema; Type: Theme; Vulnerable versions: <= 1.2.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: d74815f7d811; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Booklovers Theme <= 2.13 is vulnerable to Local File Inclusion
Software: Booklovers; Type: Theme; Vulnerable versions: <= 2.13; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 32013fcc5a21; Credits: Bonds; Required privilege: Unauthenticated; Publishe...
WordPress WotaHub Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software: WotaHub; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 0b2e70b3d1c4; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Toast Mobile Menu plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Toast Mobile Menu versions <= 1.0.8...
WordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Aiden in WordPress Theme Scape versions <= 1.5.13...
WordPress UDesign Core plugin <= 4.14.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin UDesign Core versions <= 4.14.0...
WordPress UDesign Core plugin <= 4.14.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin UDesign Core versions <= 4.14.0...
WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by ? in WordPress Theme KALLYAS versions <= 4.22.0...
WordPress Permalink Manager Lite Plugin <= 2.5.1.3 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Permalink Manager Lite versions <= 2.5.1.3...
WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Traveler versions < 3.2.3...
WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Traveler versions < 3.2.3...
WordPress ELEX WooCommerce Google Shopping (Google Product Feed) plugin <= 1.4.3 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by dutafi in WordPress Plugin ELEX WooCommerce Google Shopping versions <= 1.4.3...
WordPress Recent Posts Widget Extended plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Recent Posts Widget Extended versions <= 2.0.2...
WordPress SKT Addons for Elementor plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin SKT Addons for Elementor versions <= 3.7...
WordPress Admin Menu Editor plugin <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Menu Editor versions <= 1.14...
WordPress aThemes Addons for Elementor Lite plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin aThemes Addons for Elementor versions <= 1.1.2...
WordPress Smart Table Builder plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Smart Table Builder versions <= 1.0.1...
WordPress StreamWeasels Kick Integration plugin <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin SW Kick Integration versions <= 1.1.5...
WordPress Content Views plugin <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets vulnerability discovered by Webbernaut in WordPress Plugin Content Views versions <= 4.1...
WordPress Cloud SAML SSO plugin <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action vulnerability
Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action vulnerability discovered by kr0d in WordPress Plugin Cloud SAML SSO - Single Sign On Login versions <= 1.0.19...
WordPress Cloud SAML SSO plugin <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action vulnerability
Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action vulnerability discovered by kr0d in WordPress Plugin Cloud SAML SSO - Single Sign On Login versions <= 1.0.19...
WordPress AdForest theme <= 6.0.9 - Authentication Bypass to Admin vulnerability
Authentication Bypass to Admin vulnerability discovered by Tonn in WordPress Theme AdForest versions <= 6.0.9...
WordPress Optio Dentistry plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Optio Dentistry versions <= 2.2...
WordPress UsersWP plugin <= 1.2.44 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin UsersWP versions <= 1.2.44...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin LA-Studio Element Kit for Elementor versions <= 1.5.5.1...
WordPress AdForest Theme <= 6.0.9 is vulnerable to Broken Authentication
Software: AdForest; Type: Theme; Vulnerable versions: <= 6.0.9; Fixed in: 6.0.10; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-8359; Patch priority: High; CVSS severity: High 9.8; PSID: f086df38edf9; Credits: Tonn; Required...
WordPress Multi Step Form plugin <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated (Admin+) Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin Multi Step Form versions <= 1.7.25...
WordPress User Registration plugin <= 4.3.0 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by Jack Pas Dark. in WordPress Plugin User Registration versions <= 4.3.0...
WordPress Easy Social Feed plugin <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Easy Social Feed versions <= 6.6.7...