8.1
CVE-2026-22389 - WordPress Cocco theme <= 2.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Cocco: from n/a through <= 2.0.
8.1
CVE-2026-22387 - WordPress Aviana theme <= 2.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects Aviana: from n/a through <= 2.1.
8.1
CVE-2026-22385 - WordPress Wolmart theme <= 1.9.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects Wolmart: from n/a through <= 1.9.6.
7.5
CVE-2025-69411 - WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through <= 1.3.
6.5
CVE-2025-69343 - WordPress Theater for WordPress plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.19.
7.5
CVE-2025-69340 - WordPress WeDesignTech Ultimate Booking Addon plugin <= 1.0.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3.
8.1
CVE-2025-69339 - WordPress Molla theme <= 1.5.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla: from n/a through <= 1.5.16.
9.3
CVE-2025-69338 - WordPress Riode Core plugin <= 1.6.26 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection.This issue affects Riode Core: from n/a through <= 1.6.26.
8.1
CVE-2025-69090 - WordPress Remons theme <= 1.3.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remons: from n/a through <= 1.3.4.
9.9
CVE-2025-68555 - WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.