8.1
CVE-2026-27076 - WordPress LuxeDrive theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue affects LuxeDrive: from n/a through <= 1.0.
8.1
CVE-2026-27075 - WordPress Belfort theme <= 1.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affects Belfort: from n/a through <= 1.0.
7.5
CVE-2026-27073 - WordPress Addi β Cuotas que se adaptan a ti plugin <= 2.0.4 - Broken Authentication vulnerability
Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se adaptan a ti: from n/a through <= 2.0.4.
9.1
CVE-2026-27071 - WordPress WPCafe plugin <= 3.0.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7.
7.1
CVE-2026-27054 - WordPress Penci Soledad Data Migrator plugin <= 1.3.1 - Reflected Cross Site Scripting (XSS) vulnerβ¦
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affects Penci Soledad Data Migrator: from n/a through <= 1.3.1.
9.8
CVE-2026-27051 - WordPress Golo theme <= 1.7.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.
9.8
CVE-2026-27049 - WordPress Jobica Core plugin <= 1.4.2 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.
8.1
CVE-2026-27048 - WordPress The Aisle Core plugin <= 2.0.5 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This issue affects The Aisle Core: from n/a through <= 2.0.5.
8.1
CVE-2026-27047 - WordPress Curly Core plugin <= 2.1.6 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue affects Curly Core: from n/a through <= 2.1.6.
6.5
CVE-2026-27046 - WordPress StoreCustomizer plugin <= 2.6.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Kaira StoreCustomizer woocustomizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StoreCustomizer: from n/a through <= 2.6.3.