8.5
CVE-2026-28133 - WordPress Filr plugin <= 1.2.14 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14.
7.1
CVE-2026-28130 - WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through <= 4.14.0.
8.1
CVE-2026-28129 - WordPress Little Birdies theme <= 1.3.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This issue affects Little Birdies: from n/a through <= 1.3.16.
8.1
CVE-2026-28128 - WordPress Verse theme <= 1.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: from n/a through <= 1.7.0.
7.1
CVE-2026-28127 - WordPress Lawyer Directory plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directory: from n/a through <= 1.3.2.
7.1
CVE-2026-28126 - WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam RH Frontend Publishing Pro rh-frontend allows Reflected XSS.This issue affects RH Frontend Publishing Pro: from n/a through < 4.3.4.
8.1
CVE-2026-28125 - WordPress Midi theme <= 1.14 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Midi midi allows PHP Local File Inclusion.This issue affects Midi: from n/a through <= 1.14.
8.1
CVE-2026-28124 - WordPress Notarius theme <= 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Notarius notarius allows PHP Local File Inclusion.This issue affects Notarius: from n/a through <= 1.9.
8.1
CVE-2026-28123 - WordPress Veil theme <= 1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9.
7.1
CVE-2026-28122 - WordPress ListingPro plugin <= 2.9.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from n/a through <= 2.9.8.