0.0
CVE-2026-27381 - WordPress Aora theme <= 1.3.15 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from n/a through <= 1.3.15.
0.0
CVE-2026-27379 - WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7.
0.0
CVE-2026-27376 - WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site โฆ
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through <= 2.2.7.
0.0
CVE-2026-27375 - WordPress Gecko theme <= 1.9.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.
0.0
CVE-2026-27374 - WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Order Details: from n/a through <= 3.1.
0.0
CVE-2026-27373 - WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection.This issue affects Tablesome: from n/a through <= 1.2.3.
0.0
CVE-2026-27370 - WordPress Chaty plugin <= 3.5.1 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through <= 3.5.1.
0.0
CVE-2026-27369 - WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6.
0.0
CVE-2026-27367 - WordPress Musico theme <= 3.2.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through <= 3.2.4.
0.0
CVE-2026-27363 - WordPress WP Bakery Autoresponder Addon plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue affects WP Bakery Autoresponder Addon: from n/a through <= 1.0.6.