by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors The Mega Store Woocommerce WordPress theme (slug: mega-store-woocommerce) has a Medium severity issue (CVSS 5.3) that can be abused by an attacker who already has a logged-in account on your site. This includes low-privilege roles such as Subscriber and...
by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors Buyent Theme (bundled with the Buyent Classified plugin, slug buyent) has a Critical vulnerability (CVSS 9.8, CVE-2025-13851) that can be exploited remotely over the internet. The issue involves the user registration flow exposed through a REST API...
by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors Shopire (slug: shopire) versions 1.0.57 and earlier have a Medium-severity vulnerability (CVSS 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) tracked as CVE-2025-13091. An attacker must have an authenticated WordPress account with Subscriber-level...
by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors Renden (slug: renden) versions up to and including 1.8.1 are affected by a Medium-severity vulnerability (CVE-2025-12117, CVSS 6.4) that enables authenticated stored cross-site scripting (XSS) through the post title. The most likely entry point is a...
by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors The WordPress theme NewsBlogger (versions 0.2.5.6 to 0.2.6.1) is affected by a High severity vulnerability (CVE-2025-12821, CVSS 8.8) that can be exploited through Cross-Site Request Forgery (CSRF). In practical terms, an attacker does not need to log...
by Ivan Sorkin | Feb 18, 2026 | Themes
Attack Vectors The Drift WordPress theme (versions 1.5.0 and earlier) has a Medium-severity vulnerability (CVE-2025-12116, CVSS 6.4) that can be abused by an authenticated user with at least Contributor access. In practical terms, this means anyone who can create or...
Recent Comments