by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: Hello FSE (WordPress theme slug: hello-fse) versions up to and including 1.0.6 have a Medium-severity vulnerability (CVSS 4.3) tracked as CVE-2026-25393. The risk comes from authenticated attackers who already have an account on your site (including...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: Kiamo – Responsive Business Service WordPress Theme (slug: kiamo) has a Critical vulnerability (CVE-2025-31633, CVSS 9.8) that can be exploited remotely by an attacker with no login required. Because this is an Unauthenticated Local File Inclusion...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: CVE-2025-14040 is a medium-severity Stored Cross-Site Scripting (XSS) issue (CVSS 6.4) affecting the Automotive Car Dealership Business WordPress Theme (slug: automotive) in versions 13.4 and earlier. An attacker must already have a WordPress account...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: Listee (WordPress theme) is affected by an unauthenticated privilege escalation vulnerability in versions up to and including 1.1.6. Rated Critical (CVSS 9.8), this issue allows an attacker to create an account with Administrator privileges without...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: The Oxpitan – Nonprofit Charity WordPress Theme (slug: oxpitan) is affected by a Critical vulnerability (CVSS 9.8) that can be exploited without authentication in versions up to and including 1.3.5. This issue is a Local File Inclusion (LFI),...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors: CVE-2025-60097 is a Medium severity (CVSS 4.3) missing authorization issue in the TheGem WordPress theme (slug: thegem) affecting versions up to and including 5.10.5. An attacker must be authenticated—even a subscriber-level account is sufficient—so...