7.1
CVE-2026-27088 - WordPress Darna Framework plugin <= 2.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Darna Framework darna-framework allows Reflected XSS.This issue affects Darna Framework: from n/a through <= 2.9.
7.1
CVE-2026-27087 - WordPress Wolverine Framework plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in G5Theme Wolverine Framework wolverine-framework allows Reflected XSS.This issue affects Wolverine Framework: from n/a through <= 1.9.
9.8
CVE-2026-27084 - WordPress Buisson theme <= 1.1.11 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11.
9.8
CVE-2026-27083 - WordPress Work & Travel Company theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2.
9.8
CVE-2026-27082 - WordPress Love Story theme <= 1.3.12 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12.
8.1
CVE-2026-27081 - WordPress Rosebud theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Rosebud rosebud allows PHP Local File Inclusion.This issue affects Rosebud: from n/a through <= 1.4.
8.1
CVE-2026-27080 - WordPress Deston theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects Deston: from n/a through <= 1.0.
8.1
CVE-2026-27079 - WordPress Amfissa theme <= 1.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affects Amfissa: from n/a through <= 1.1.
8.1
CVE-2026-27078 - WordPress Emaurri theme <= 1.0.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Emaurri emaurri allows PHP Local File Inclusion.This issue affects Emaurri: from n/a through <= 1.0.1.
8.1
CVE-2026-27077 - WordPress MultiOffice theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issue affects MultiOffice: from n/a through <= 1.2.