by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors CVE-2026-27353 is a Medium-severity reflected cross-site scripting (XSS) issue affecting the Grand News WordPress theme (grandnews) in versions up to and including 3.4.3 (CVSS 6.1). Reflected XSS commonly occurs when a website includes user-supplied...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors Photography (slug: photography-2) for WordPress is affected by a High-severity vulnerability (CVSS 7.2, CVE-2026-27348) that allows unauthenticated stored cross-site scripting (XSS) in versions up to and including 7.6.1. In business terms, this means an...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors MediCenter – Health Medical Clinic WordPress Theme (slug: medicenter) versions up to and including 14.9 are affected by a medium-severity reflected cross-site scripting (XSS) vulnerability (CVE-2026-28137, CVSS 6.1). This issue can be exploited by...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors Porto (WordPress theme) versions up to and including 7.6.2 are affected by a Medium-severity Reflected Cross-Site Scripting (XSS) issue (CVSS 6.1). The vulnerability can be exploited by an unauthenticated attacker, but it typically requires user...
by Ivan Sorkin | Mar 5, 2026 | Themes
Attack Vectors The WordPress theme Listify (slug: listify) is affected by a Medium-severity vulnerability (CVE-2026-28042) in versions up to and including 3.2.5. This is a Reflected Cross-Site Scripting (XSS) issue, which typically involves a malicious link or request...
by Ivan Sorkin | Mar 4, 2026 | Themes
Attack Vectors Enzio – Responsive Business WordPress Theme (slug: enzio) versions up to and including 1.1.8 are affected by a Critical unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2025-31912, CVSS 9.8). This means an attacker can target a...
Recent Comments