by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors The kingler WordPress theme (Kingler) up to version 1.7 is affected by an unauthenticated PHP Object Injection vulnerability (severity: High, CVSS 8.1). This means an attacker can attempt to target sites using this theme without needing a login, by...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27437 affects the Tennis SportClub – Tennis Sports Events WordPress Theme (slug: tennis-sportclub) in versions up to and including 1.2.3. This is a High severity issue (CVSS 8.1) and is described as an unauthenticated PHP Object Injection...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27417 affects the Sweet Date WordPress theme (slug: sweetdate) in versions up to 4.0.1. The issue is an unauthenticated PHP object injection risk caused by deserialization of untrusted input, meaning an external attacker could potentially...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27376 is a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) vulnerability affecting the Claue – Clean, Minimal Elementor WooCommerce WordPress theme (“claue”) in versions up to and including 2.2.7. In practical terms, an...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27369 is a High-severity vulnerability (CVSS 8.1) affecting the Celeste WordPress theme (slug: celeste) in versions up to and including 1.3.6. The issue is an unauthenticated PHP Object Injection weakness caused by deserialization of untrusted...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors Musico (WordPress theme) versions up to and including 3.2.4 are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2026-27367, CVSS 6.1). This type of issue is typically exploited by sending a crafted link to a...
Recent Comments