by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2025-58250 is a medium-severity Cross-Site Request Forgery (CSRF) issue affecting the Findgo WordPress theme (product/slug: fingo) in versions up to and including 1.3.55 (CVSS 4.3). CSRF attacks don’t typically “break in” through a password prompt;...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2025-58668 affects the WPLMS Learning Management System for WordPress (theme slug: wplms) in versions up to and including 4.970. The attack requires the attacker to be authenticated with at least subscriber-level access, meaning it is most relevant...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2025-53330 is a Medium-severity Stored Cross-Site Scripting (XSS) vulnerability affecting WP Rentals – Booking Accommodation WordPress Theme (slug: wprentals) up to and including version 3.16.1. It has a CVSS 6.4 score...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2025-53348 affects the Kalium 3 | Creative WordPress & WooCommerce Theme (slug: kalium) in versions up to and including 3.18.3. With this Medium-severity issue (CVSS 5.3, vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), an attacker can...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors CVE-2025-24779 is a High-severity vulnerability (CVSS 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) affecting the Yogi – Health Beauty & Yoga WordPress Theme (slug: yogi) in versions prior to 2.9.3. The issue is exploitable by an...
by Ivan Sorkin | Feb 26, 2026 | Themes
Attack Vectors Red Art | Artist Portfolio (WordPress theme slug: redart) is affected by CVE-2025-52828, a High severity issue (CVSS 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability is exploitable by an authenticated user with...
Recent Comments