7.1
CVE-2026-28075 - WordPress Porto theme <= 7.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto porto allows Reflected XSS.This issue affects Porto: from n/a through <= 7.6.2.
9.8
CVE-2026-28074 - WordPress Pizza House theme <= 1.4.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through <= 1.4.0.
7.1
CVE-2026-28072 - WordPress pixfort Core plugin <= 3.2.22 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixFort pixfort Core pixfort-core allows Reflected XSS.This issue affects pixfort Core: from n/a through <= 3.2.22.
6.3
CVE-2026-28071 - WordPress pixfort Core plugin <= 3.2.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pixfort Core: from n/a through <= 3.2.22.
8.1
CVE-2026-28069 - WordPress Le Truffe theme <= 1.1.7 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Le Truffe letruffe allows PHP Local File Inclusion.This issue affects Le Truffe: from n/a through <= 1.1.7.
8.1
CVE-2026-28068 - WordPress Rhythmo theme <= 1.3.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Rhythmo rhythmo allows PHP Local File Inclusion.This issue affects Rhythmo: from n/a through <= 1.3.4.
8.1
CVE-2026-28067 - WordPress Bassein theme <= 1.0.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bassein bassein allows PHP Local File Inclusion.This issue affects Bassein: from n/a through <= 1.0.15.
8.1
CVE-2026-28066 - WordPress Legrand theme <= 2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legrand legrand allows PHP Local File Inclusion.This issue affects Legrand: from n/a through <= 2.17.
8.1
CVE-2026-28065 - WordPress Eject theme <= 2.17 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Eject eject allows PHP Local File Inclusion.This issue affects Eject: from n/a through <= 2.17.
8.1
CVE-2026-28064 - WordPress Edge Decor theme <= 2.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Edge Decor edge-decor allows PHP Local File Inclusion.This issue affects Edge Decor: from n/a through <= 2.2.