by Ivan Sorkin | Feb 7, 2026 | Themes
Attack Vectors CVE-2025-64634 affects the Avada | Website Builder For WordPress & WooCommerce theme (versions up to and including 7.13.2) and is rated Medium severity (CVSS 4.3). The issue involves a missing authorization (capability) check, which means a...
by Ivan Sorkin | Feb 2, 2026 | Themes
Attack Vectors The WordPress theme Restaurante (slug: restaurante) is affected by a medium-severity Reflected Cross-Site Scripting (XSS) vulnerability (CVSS 6.1) in versions up to and including 3.0.7. An unauthenticated attacker can attempt to place malicious script...
by Ivan Sorkin | Feb 2, 2026 | Themes
Attack Vectors The SOHO – Photography WordPress Theme (slug: soho) is affected by a High-severity vulnerability (CVE-2025-69368, CVSS 7.2) that allows unauthenticated stored cross-site scripting (XSS) in versions up to and including 3.0.3. In practical terms, an...
by Ivan Sorkin | Feb 2, 2026 | Themes
Attack Vectors PhotoMe | Photography Portfolio (WordPress slug: photome) versions up to and including 5.6.11 have a High-severity vulnerability (CVSS 8.1) identified as CVE-2025-69301. The issue is an unauthenticated PHP Object Injection, meaning an attacker can...
by Ivan Sorkin | Feb 2, 2026 | Themes
Attack Vectors CVE-2025-69296 is a medium-severity vulnerability (CVSS 6.1) affecting the Aardvark – Community, Membership, BuddyPress WordPress theme (slug: aardvark) in versions up to and including 4.6.3. The issue is a reflected cross-site scripting (XSS)...
by Ivan Sorkin | Feb 2, 2026 | Themes
Attack Vectors CVE-2025-69298 affects the Gauge: Multi-Purpose Review Theme (slug: gauge) for WordPress, in versions up to and including 6.56.4. Because the issue is described as a “missing authorization” (missing capability check), an attacker does not need a valid...