by Ivan Sorkin | Feb 25, 2026 | Themes
Attack Vectors: FlatNews – Responsive Magazine WordPress Theme (slug: flatnews) has a Medium-severity vulnerability (CVE-2025-32305, CVSS 6.1) that can be exploited by unauthenticated attackers through reflected cross-site scripting (XSS). In practical terms, this type...
by Ivan Sorkin | Feb 25, 2026 | Themes
Attack Vectors: CVE-2025-27362 is a Critical vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting the Petito – Animals and Pets Store WooCommerce Theme (slug: bw-petito) in versions up to and including 1.6.4. It is an unauthenticated...
by Ivan Sorkin | Feb 25, 2026 | Themes
Attack Vectors: CVE-2025-24761 affects the DSK – Furniture Store WooCommerce WordPress Theme (slug: dsk) in versions below 2.4. Because the issue is unauthenticated, an external attacker can target a vulnerable site over the internet without needing a username or...
by Ivan Sorkin | Feb 24, 2026 | Themes
Attack Vectors: CVE-2026-25374 affects the Spa and Salon WordPress theme (slug: spa-and-salon) in versions up to and including 1.3.2. This is a Medium severity issue (CVSS 5.3; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), meaning it can be reached over the...
by Ivan Sorkin | Feb 24, 2026 | Themes
Attack Vectors: CVE-2026-25374 affects the Spa and Salon WordPress theme (slug: spa-and-salon) versions up to and including 1.3.2. Because this issue can be triggered by an unauthenticated attacker, the primary exposure is any website where the theme is installed and...
by Ivan Sorkin | Feb 19, 2026 | Themes
Attack Vectors: Nestin (WordPress theme, slug: nestin) versions up to 1.2.6 are vulnerable to an unauthenticated PHP Object Injection issue (Severity: High, CVSS 8.1). This means an attacker can attempt exploitation over the network without needing a login. The...