7.1
CVE-2026-28042 - WordPress Listify plugin <= 3.2.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Listify listify allows Reflected XSS.This issue affects Listify: from n/a through <= 3.2.5.
8.1
CVE-2026-28041 - WordPress Grit theme <= 1.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Grit grit allows PHP Local File Inclusion.This issue affects Grit: from n/a through <= 1.0.1.
7.5
CVE-2026-28039 - WordPress wpDataTables plugin <= 6.5.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpDataTables wpDataTables wpdatatables allows PHP Local File Inclusion.This issue affects wpDataTables: from n/a through <= 6.5.0.1.
6.5
CVE-2026-28038 - WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.21.1 - Broken Access Control vulnerβ¦
Missing Authorization vulnerability in Brainstorm_Force Ultimate Addons for WPBakery Page Builder ultimate_vc_addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for WPBakery Page Builder: from n/a through <= 3.21.1.
7.1
CVE-2026-28037 - WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through <= 4.9.12.
6.4
CVE-2026-28036 - WordPress Ratatouille theme <= 1.2.6 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in SkatDesign Ratatouille ratatouille allows Server Side Request Forgery.This issue affects Ratatouille: from n/a through <= 1.2.6.
8.1
CVE-2026-28035 - WordPress Printy theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Printy printy allows PHP Local File Inclusion.This issue affects Printy: from n/a through <= 1.8.
8.1
CVE-2026-28034 - WordPress Progress theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through <= 1.2.
8.1
CVE-2026-28033 - WordPress Edifice theme <= 1.8 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Edifice edifice allows PHP Local File Inclusion.This issue affects Edifice: from n/a through <= 1.8.
8.1
CVE-2026-28032 - WordPress Tuning theme <= 1.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tuning tuning allows PHP Local File Inclusion.This issue affects Tuning: from n/a through <= 1.3.