Search Results (12300 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-22439 2 Ancorathemes, Wordpress 2 Green Planet, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Green Planet green-planet allows PHP Local File Inclusion.This issue affects Green Planet: from n/a through <= 1.1.14.
CVE-2026-22429 2 Mikado-themes, Wordpress 2 Verdure, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Verdure verdure allows PHP Local File Inclusion.This issue affects Verdure: from n/a through <= 1.6.
CVE-2026-27417 2 Seventhqueen, Wordpress 2 Sweet Date, Wordpress 2026-04-22 9.8 Critical
Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1.
CVE-2026-22424 2 Ancorathemes, Wordpress 2 Shaha, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Shaha shaha allows PHP Local File Inclusion.This issue affects Shaha: from n/a through <= 1.1.2.
CVE-2025-68555 2 Wordpress, Zozothemes 2 Wordpress, Nutrie 2026-04-22 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through < 2.0.1.
CVE-2026-1336 2 Ays Pro, Wordpress 2 Ai Chatbot With Chatgpt And Content Generator By Ays, Wordpress 2026-04-22 5.3 Medium
The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the store_data() and get_chatgpt_api_key() functions in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to view, modify or delete the plugin's ChatGPT API key. The vulnerability was partially fixed in version 2.7.5 and fully fixed in version 2.7.6
CVE-2026-22497 2 Ancorathemes, Wordpress 2 Jardi, Wordpress 2026-04-22 9.8 Critical
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2.
CVE-2025-69343 2 Jeroen Schmit, Wordpress 2 Theater For Wordpress, Wordpress 2026-04-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordPress: from n/a through <= 0.19.
CVE-2025-68553 2 Wordpress, Zozothemes 2 Wordpress, Lendiz 2026-04-22 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through < 2.0.1.
CVE-2026-22394 2 Mikado-themes, Wordpress 2 Evently, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Evently evently allows PHP Local File Inclusion.This issue affects Evently: from n/a through <= 1.7.
CVE-2026-22419 2 Ancorathemes, Wordpress 2 Honor, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Honor honor allows PHP Local File Inclusion.This issue affects Honor: from n/a through <= 2.3.
CVE-2026-22410 2 Mikado-themes, Wordpress 2 Dolcino, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Dolcino dolcino allows PHP Local File Inclusion.This issue affects Dolcino: from n/a through <= 1.6.
CVE-2026-27986 2 Themerex, Wordpress 2 Ostende, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects OsTende: from n/a through <= 1.4.3.
CVE-2026-28022 2 Themerex, Wordpress 2 Foodie, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Foodie foodie allows PHP Local File Inclusion.This issue affects Foodie: from n/a through <= 1.14.
CVE-2026-27375 2 Janstudio, Wordpress 2 Gecko, Wordpress 2026-04-22 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8.
CVE-2026-27989 2 Themerex, Wordpress 2 Quanzo, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quanzo: from n/a through <= 1.0.10.
CVE-2026-28010 2 Themerex, Wordpress 2 Scientia, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion.This issue affects Scientia: from n/a through <= 1.2.4.
CVE-2026-27341 2 Mikado-themes, Wordpress 2 Topscorer - Sports Wordpress Theme, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local File Inclusion.This issue affects TopScorer - Sports WordPress Theme: from n/a through <= 1.2.
CVE-2026-27995 2 Themerex, Wordpress 2 Justitia, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Justitia justitia allows PHP Local File Inclusion.This issue affects Justitia: from n/a through <= 1.1.0.
CVE-2026-27985 2 Themerex, Wordpress 2 Humanum, Wordpress 2026-04-22 8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Humanum: from n/a through <= 1.1.4.