46031 matches found
WordPress Chrimson Theme <= 2.2 is vulnerable to Local File Inclusion
Software: Chrimson; Type: Theme; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: ce3b9ba9d24e; Credits: Bonds; Required privilege: Unauthenticated; Published: 8...
WordPress ProDent Theme <= 1.5.9 is vulnerable to Local File Inclusion
Software: ProDent; Type: Theme; Vulnerable versions: <= 1.5.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 720bb591f012; Credits: Bonds; Required privilege: Unauthenticated; Published: ...
WordPress Studeon Theme <= 1.1.15 is vulnerable to Local File Inclusion
Software: Studeon; Type: Theme; Vulnerable versions: <= 1.1.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: c0553580bcf0; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Healthy Blog Theme <= 1.2.8 is vulnerable to Local File Inclusion
Software: Healthy Blog; Type: Theme; Vulnerable versions: <= 1.2.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 0d2d1669d802; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress Credit Card Experience Theme <= 1.2.15 is vulnerable to Local File Inclusion
Software: Credit Card Experience; Type: Theme; Vulnerable versions: <= 1.2.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 660aaadb7556; Credits: Tran Nguyen Bao Khanh VCI - VNPT...
WordPress Alhambra Theme <= 1.1.13 is vulnerable to Local File Inclusion
Software: Alhambra; Type: Theme; Vulnerable versions: <= 1.1.13; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 6120b67a2169; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Preston Theme <= 1.1.9 is vulnerable to Local File Inclusion
Software: Preston; Type: Theme; Vulnerable versions: <= 1.1.9; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: c095dd0e4598; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Translang Theme <= 1.1.16 is vulnerable to Local File Inclusion
Software: Translang; Type: Theme; Vulnerable versions: <= 1.1.16; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: f5cee4143f4e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Travesia Theme <= 1.1.15 is vulnerable to Local File Inclusion
Software: Travesia; Type: Theme; Vulnerable versions: <= 1.1.15; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 68dec7b64a09; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Hogwords Theme <= 1.2.6 is vulnerable to Local File Inclusion
Software: Hogwords; Type: Theme; Vulnerable versions: <= 1.2.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: ee13435740c8; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Artesia Theme <= 1.0.14 is vulnerable to Local File Inclusion
Software: Artesia; Type: Theme; Vulnerable versions: <= 1.0.14; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: e13b63e45801; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Bonko Theme <= 1.0.14 is vulnerable to Local File Inclusion
Software: Bonko; Type: Theme; Vulnerable versions: <= 1.0.14; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: ea85145eb2a8; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Callie Britt Theme <= 1.2.3 is vulnerable to Local File Inclusion
Software: Callie Britt; Type: Theme; Vulnerable versions: <= 1.2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 14891aeee80a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...
WordPress Birdily | Travel Agency & Tour Booking WordPress Theme Theme <= 1.2.2 is vulnerable to Local File Inclusion
Software: Birdily | Travel Agency & Tour Booking WordPress Theme; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: d54eefcef883; Credits: Tran...
WordPress StevenWatkins Theme <= 2.4.0 is vulnerable to Local File Inclusion
Software: StevenWatkins; Type: Theme; Vulnerable versions: <= 2.4.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: f134ae972b7e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immuni...
WordPress Gravity Theme <= 1.3.0 is vulnerable to Local File Inclusion
Software: Gravity; Type: Theme; Vulnerable versions: <= 1.3.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 627b942c8e0e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Goza Theme <= 3.2.2 is vulnerable to Arbitrary File Upload
Software: Goza; Type: Theme; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2025-5394; Patch priority: High; CVSS severity: High 10; PSID: 66a283dd0c55; Credits: GR0V; Required privilege: Unauthenticated; Published: 8...
WordPress PathWell Theme <= 1.1.16 is vulnerable to Local File Inclusion
Software: PathWell; Type: Theme; Vulnerable versions: <= 1.1.16; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 48d7c14445e6; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Toast Mobile Menu plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Toast Mobile Menu versions <= 1.0.8...
WordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Aiden in WordPress Theme Scape versions <= 1.5.13...
WordPress UDesign Core plugin <= 4.14.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin UDesign Core versions <= 4.14.0...
WordPress UDesign Core plugin <= 4.14.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin UDesign Core versions <= 4.14.0...
WordPress Kallyas theme <= 4.22.0 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by ? in WordPress Theme KALLYAS versions <= 4.22.0...
WordPress Permalink Manager Lite Plugin <= 2.5.1.3 - Sensitive Data Exposure Vulnerability
Sensitive Data Exposure Vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Permalink Manager Lite versions <= 2.5.1.3...
WordPress Traveler Theme < 3.2.3 - Arbitrary Content Deletion Vulnerability
Arbitrary Content Deletion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Traveler versions < 3.2.3...
WordPress Traveler theme < 3.2.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Traveler versions < 3.2.3...
WordPress ELEX WooCommerce Google Shopping (Google Product Feed) plugin <= 1.4.3 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by dutafi in WordPress Plugin ELEX WooCommerce Google Shopping versions <= 1.4.3...
WordPress Recent Posts Widget Extended plugin <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Recent Posts Widget Extended versions <= 2.0.2...
WordPress SKT Addons for Elementor plugin <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin SKT Addons for Elementor versions <= 3.7...
WordPress Admin Menu Editor plugin <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Admin Menu Editor versions <= 1.14...
WordPress aThemes Addons for Elementor Lite plugin <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin aThemes Addons for Elementor versions <= 1.1.2...
WordPress Smart Table Builder plugin <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Smart Table Builder versions <= 1.0.1...
WordPress StreamWeasels Kick Integration plugin <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin SW Kick Integration versions <= 1.1.5...
WordPress Content Views plugin <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets vulnerability discovered by Webbernaut in WordPress Plugin Content Views versions <= 4.1...
WordPress Cloud SAML SSO plugin <= 1.0.19 - Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action vulnerability
Missing Authorization to Unauthenticated Settings Modification via set_organization_settings Action vulnerability discovered by kr0d in WordPress Plugin Cloud SAML SSO - Single Sign On Login versions <= 1.0.19...
WordPress Cloud SAML SSO plugin <= 1.0.19 - Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action vulnerability
Missing Authorization to Unauthenticated Identity Provider Deletion via delete_config Action vulnerability discovered by kr0d in WordPress Plugin Cloud SAML SSO - Single Sign On Login versions <= 1.0.19...
WordPress AdForest theme <= 6.0.9 - Authentication Bypass to Admin vulnerability
Authentication Bypass to Admin vulnerability discovered by Tonn in WordPress Theme AdForest versions <= 6.0.9...
WordPress Optio Dentistry plugin <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Optio Dentistry versions <= 2.2...
WordPress UsersWP plugin <= 1.2.44 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin UsersWP versions <= 1.2.44...
WordPress LA-Studio Element Kit for Elementor plugin <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets vulnerability discovered by zer0gh0st in WordPress Plugin LA-Studio Element Kit for Elementor versions <= 1.5.5.1...
WordPress AdForest Theme <= 6.0.9 is vulnerable to Broken Authentication
Software: AdForest; Type: Theme; Vulnerable versions: <= 6.0.9; Fixed in: 6.0.10; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2025-8359; Patch priority: High; CVSS severity: High 9.8; PSID: f086df38edf9; Credits: Tonn; Required...
WordPress Multi Step Form plugin <= 1.7.25 - Authenticated (Admin+) Arbitrary File Upload vulnerability
Authenticated (Admin+) Arbitrary File Upload vulnerability discovered by tmrswrr in WordPress Plugin Multi Step Form versions <= 1.7.25...
WordPress User Registration plugin <= 4.3.0 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated (Admin+) SQL Injection vulnerability discovered by Jack Pas Dark. in WordPress Plugin User Registration versions <= 4.3.0...
WordPress Easy Social Feed plugin <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability discovered by Webbernaut in WordPress Plugin Easy Social Feed versions <= 6.6.7...
WordPress Html Social share buttons plugin <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin Html Social share buttons versions <= 2.1.16...
WordPress Rehub theme <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost vulnerability
Unauthenticated Arbitrary Shortcode Execution via re_filterpost vulnerability discovered by stealthcopter in WordPress Theme Rehub versions <= 19.9.7...
WordPress Rehub theme <= 19.9.7 - Unauthenticated Password Protected Post Disclosure vulnerability
Unauthenticated Password Protected Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme Rehub versions <= 19.9.7...
WordPress OceanWP theme < 4.1.2 - Subscriber+ Limited Option Update vulnerability
Subscriber+ Limited Option Update vulnerability discovered by Hamit Cibo in WordPress Theme OceanWP versions < 4.1.2...
WordPress Biagiotti Core plugin <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Plugin Biagiotti Core versions <= 2.1.3...
WordPress Course Booking Platform Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Peter Thaleikis in WordPress Plugin Course Booking Platform versions <= 1.0.0...