WordPress ShieldGroup theme <= 2.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme ShieldGroup versions = 2.13...

WordPress Militarology theme <= 1.0.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Militarology versions = 1.0.15...

WordPress Mamita theme <= 1.0.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Mamita versions = 1.0.9...

WordPress Gracioza theme <= 1.0.15 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Gracioza versions = 1.0.15...

WordPress Kings & Queens theme <= 1.1.16 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Kings & Queens versions = 1.1.16...

WordPress Ludos Paradise theme <= 2.1.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Ludos Paradise versions = 2.1.3...

WordPress Jack Well theme <= 1.0.14 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Jack Well versions = 1.0.14...

WordPress Hanani theme <= 1.2.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Hanani versions = 1.2.11...

WordPress Monyxi theme <= 1.1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Monyxi versions = 1.1.8...

WordPress Palladio theme <= 1.1.10 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Palladio versions = 1.1.10...

WordPress Lettuce theme <= 1.1.7 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lettuce versions = 1.1.7...

WordPress Lymcoin theme <= 1.3.12 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Lymcoin versions = 1.3.12...

WordPress Strux theme <= 1.9 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Bonds in WordPress Theme Strux versions = 1.9...

WordPress Toggles Shortcode and Widget plugin <= 1.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Toggles Shortcode and Widget versions = 1.14...

WordPress Info Boxes Shortcode and Widget plugin <= 1.15 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Info Boxes Shortcode and Widget versions = 1.15...

WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Popping Sidebars and Widgets Light versions = 1.27...

WordPress OTW TinyMCE Widget plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin OTW TinyMCE Widget versions = 1.7...

WordPress Quotes Shortcode and Widget plugin <= 1.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Quotes Shortcode and Widget versions = 1.14...

WordPress FAT Event - WordPress Event and Calendar Booking plugin <= 5.15 - Local File Inclusion vulnerability

WordPress FAT Event - WordPress Event and Calendar Booking plugin = 5.15 - Local File Inclusion vulnerability discovered by Jingle Bells in WordPress Plugin FAT Event - WordPress Event and Calendar Booking versions = 5.15...

WordPress Dropcaps Shortcode and Widget plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Dropcaps Shortcode and Widget versions = 1.8...

WordPress Post Custom Templates Lite plugin <= 1.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Post Custom Templates Lite versions = 1.14...

WordPress GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership versions = 1.6.6...

WordPress Shk Corporate Theme <= 2.4.1.1 is vulnerable to Broken Access Control

Software Shk Corporate Type Theme Vulnerable versions = 2.4.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 45c7c66747ba Credits Martino Spagnuolo r3verii Requir...

WordPress SoftMe Theme <= 1.1.24 is vulnerable to Broken Access Control

Software SoftMe Type Theme Vulnerable versions = 1.1.24 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58817 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 73da99fa2c92 Credits Martino Spagnuolo r3verii Required...

WordPress Consultstreet Theme <= 3.0.0 is vulnerable to Broken Access Control

Software Consultstreet Type Theme Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58813 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ac7244360900 Credits Anhchangmutrang Required privilege...

WordPress Rehub Theme <= 19.9.7 is vulnerable to Content Injection

Software Rehub Type Theme Vulnerable versions = 19.9.7 Fixed in 19.9.8 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-7366 Patch priority Medium CVSS severity Medium 7.3 Developer Claim ownership PSID ebd91ec5bebd Credits stealthcopter Required privilege Unauthenticated...

WordPress Rehub Theme <= 19.9.7 is vulnerable to Sensitive Data Exposure

Software Rehub Type Theme Vulnerable versions = 19.9.7 Fixed in 19.9.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Sensitive Data Exposure CVE CVE-2025-7368 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2dc0fcd2d1f5 Credits stealthcopter...

WordPress OceanWP Theme < 4.1.2 is vulnerable to Settings Change

Software OceanWP Type Theme Vulnerable versions 4.1.2 Fixed in 4.1.2 OWASP Top 10 A7: Identification and Authentication Failures Classification Settings Change CVE CVE-2025-8944 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e2cdad6661d0 Credits Hamit Cibo Required...

WordPress Flatsome plugin <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by stealthcopter in WordPress Theme Flatsome versions = 3.20.0...

WordPress WordPress Helpdesk Integration plugin <= 5.8.10 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Aril Aprilio forsak3n in WordPress Plugin WordPress Helpdesk Integration versions = 5.8.10...

WordPress PopAd plugin <= 1.0.4 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin PopAd versions = 1.0.4...

WordPress GlamChic theme <= 1.0.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme GlamChic versions = 1.0.11...

WordPress Gardis theme <= 1.2.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Gardis versions = 1.2.13...

WordPress Quick Paypal Payments Plugin <= 5.7.46 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Quick Paypal Payments versions = 5.7.46...

WordPress Femme theme <= 1.3.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Femme versions = 1.3.11...

WordPress Farm Agrico theme <= 1.3.11 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Farm Agrico versions = 1.3.11...

WordPress Faith & Hope theme <= 2.13.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Faith & Hope versions = 2.13.0...

WordPress Exit Game theme <= 1.4.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Exit Game versions = 1.4.3...

WordPress Etta theme <= 1.14.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Etta versions = 1.14.0...

WordPress Emberlyn theme <= 1.3.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Emberlyn versions = 1.3.1...

WordPress Echo theme <= 1.15.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Echo versions = 1.15.0...

WordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme EasyEat versions = 1.9.0...

WordPress ChildHope theme <= 1.1.8 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme ChildHope versions = 1.1.8...

WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Zuut versions = 1.4.2...

WordPress The Hospital theme <= 1.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Hospital versions = 1.8.1...

WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Barber Shop versions = 1.9...

WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Single Property versions = 2.8...

WordPress Plan My Day theme <= 1.1.13 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Plan My Day versions = 1.1.13...

WordPress Monki theme <= 2.0.5 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Monki versions = 2.0.5...

WordPress Lagom theme <= 2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lagom versions = 2.0...