by Ivan Sorkin | Feb 11, 2026 | Themes
Attack Vectors: CVE-2026-1729 is a Critical authentication bypass affecting the AdForest WordPress theme (slug: adforest) in versions up to and including 6.0.12. Because the issue can be exploited remotely over the internet with no prior access required (CVSS 9.8), it...
by Ivan Sorkin | Feb 10, 2026 | Themes
Attack Vectors: Grand Blog (WordPress theme slug: grandblog) versions below 3.1.5 are affected by a High-severity Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-24961, CVSS 7.2). Because the issue is unauthenticated, an attacker does not need a login to...
by Ivan Sorkin | Feb 10, 2026 | Themes
Attack Vectors: CVE-2026-24943 is a Medium-severity (CVSS 6.1) reflected cross-site scripting (XSS) issue affecting the Grand Conference WordPress theme (slug: grandconference) in versions up to and including 5.3.4. In practical terms, an attacker can attempt to...
by Ivan Sorkin | Feb 10, 2026 | Themes
Attack Vectors: The vulnerability CVE-2025-69372 affects the WordPress theme SevenHills – Hiking Summer Camp Children PSD Template (slug: sevenhills) in versions up to and including 1.6.2. It is rated High severity (CVSS 8.1). Because the issue is described as...
by Ivan Sorkin | Feb 10, 2026 | Themes
Attack Vectors: Golo – City Travel Guide WordPress Theme (slug: golo) versions prior to 1.7.5 are affected by a High-severity Local File Inclusion (LFI) vulnerability (CVE-2026-23975, CVSS 7.5). This issue requires an attacker to already be authenticated with at...
by Ivan Sorkin | Feb 10, 2026 | Themes
Attack Vectors: CVE-2026-23974 is a Medium-severity missing authorization issue affecting the Golo – City Travel Guide WordPress Theme (slug: golo) in versions earlier than 1.7.5. Because the issue is caused by a missing capability check, it may allow an...