by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors CVE-2026-5070 is a Medium severity vulnerability (CVSS 6.4) affecting the Vantage WordPress theme (slug: vantage) in versions up to and including 1.20.32. It enables authenticated users with Contributor access or higher to inject malicious script into a...
by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors CVE-2026-22417 is a High-severity vulnerability (CVSS 8.1) affecting the Grand Wedding WordPress theme (slug: grandwedding) in versions below 3.1.11. The issue can be triggered remotely over the network and does not require a user to be logged in,...
by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors Starto (WordPress theme) versions below 2.2.5 are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) issue tracked as CVE-2026-27352 (CVSS 6.1). This vulnerability can be exploited by an unauthenticated attacker by getting a user (for...
by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors Architecturer (WordPress theme, slug: architecturer) versions earlier than 3.9.5 are affected by a Medium-severity reflected cross-site scripting (XSS) issue (CVE-2026-27358, CVSS 6.1; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). This...
by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors The Musico WordPress theme (slug: musico) is affected by a Medium severity reflected cross-site scripting (XSS) vulnerability (CVE-2026-27367, CVSS 6.1). In practical terms, an attacker can attempt to inject malicious script into a page response by...
by Ivan Sorkin | Apr 15, 2026 | Themes
Attack Vectors CVE-2025-69370 is a High-severity vulnerability (CVSS 8.1, vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Capella | Restaurant WordPress theme (capella) in versions <= 2.5.5. The issue is unauthenticated, meaning an attacker does...
Recent Comments