by Ivan Sorkin | Mar 4, 2026 | Themes
Attack Vectors The WordPress theme Vizeon – Business Consulting (slug: vizeon) is affected by a Critical vulnerability (CVE-2025-31064) that can be exploited without logging in. This means attackers can target your public website directly over the internet,...
by Ivan Sorkin | Mar 2, 2026 | Themes
Attack Vectors CVE-2026-2583 affects the Blocksy WordPress theme (slug: blocksy) in versions up to and including 2.1.30. It is a Medium-severity issue (CVSS 6.4) involving authenticated (Contributor-level or higher) users. The practical attack path is straightforward:...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2026-27069 is a Medium severity vulnerability (CVSS 6.4) affecting the Soledad WordPress theme (versions up to and including 8.7.2). The attack requires an authenticated WordPress account with Contributor-level access or higher. In practical terms,...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2026-25459 is a Medium severity missing authorization issue affecting the Sober WordPress theme (slug: sober) in versions up to, and including, 3.5.12. Because the attack requires an authenticated account (subscriber-level or above), the most common...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors Business Roy (WordPress theme slug: business-roy) versions ≤ 1.1.4 are affected by CVE-2026-25395, rated Medium severity (CVSS 4.3; vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). This issue can be exploited by an authenticated user with...
by Ivan Sorkin | Feb 26, 2026 | Themes
CVE-2026-25394 is a Medium-severity (CVSS 4.3) authorization issue affecting the Fitness FSE WordPress theme (slug: fitness-fse) in versions up to and including 1.0.6. Due to a missing permission check, an authenticated user (subscriber-level and above) may be able to...
Recent Comments