CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-28010 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Scientia scientia allows PHP Local File Inclusion.This issue affects S... | 8.1 | HIGH | — | 0 |
| CVE-2026-28009 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX DroneX dronex allows PHP Local File Inclusion.This issue affects Drone... | 8.1 | HIGH | — | 0 |
| CVE-2026-28007 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coinpress coinpress allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | — | 0 |
| CVE-2026-28006 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yungen yungen allows PHP Local File Inclusion.This issue affects Yunge... | 8.1 | HIGH | — | 0 |
| CVE-2026-27998 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vixus vixus allows PHP Local File Inclusion.This issue affects Vixus: ... | 8.1 | HIGH | — | 0 |
| CVE-2026-27997 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Maxify maxify allows PHP Local File Inclusion.This issue affects Maxif... | 8.1 | HIGH | — | 0 |
| CVE-2026-27996 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affects L... | 8.1 | HIGH | — | 0 |
| CVE-2026-27995 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Justitia justitia allows PHP Local File Inclusion.This issue affects J... | 8.1 | HIGH | — | 0 |
| CVE-2026-27994 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tediss tediss allows PHP Local File Inclusion.This issue affects Tedis... | 8.1 | HIGH | — | 0 |
| CVE-2026-27993 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aldo aldo allows PHP Local File Inclusion.This issue affects Aldo: fro... | 8.1 | HIGH | — | 0 |
| CVE-2026-27992 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Meals & Wheels meals-wheels allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | — | 0 |
| CVE-2026-27991 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Avventure avventure allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | — | 0 |
| CVE-2026-27990 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows PHP Local File Inclusion.This issue affects ConFi... | 8.1 | HIGH | — | 0 |
| CVE-2026-27989 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quanz... | 8.1 | HIGH | — | 0 |
| CVE-2026-27988 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Equadio equadio allows PHP Local File Inclusion.This issue affects Equ... | 8.1 | HIGH | — | 0 |
| CVE-2026-27987 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX The Qlean the-qlean allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | — | 0 |
| CVE-2026-27986 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects OsT... | 8.1 | HIGH | — | 0 |
| CVE-2026-27985 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Humanum humanum allows PHP Local File Inclusion.This issue affects Hum... | 8.1 | HIGH | — | 0 |
| CVE-2026-27984 Improper Control of Generation of Code ('Code Injection') vulnerability in Marketing Fire Widget Options widget-options allows Code Injection.This issue affects Widget Options: from n/a through <= 4.1... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-27983 Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27982 An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to a... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27541 Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.6. | 7.2 | HIGH | — | 0 |
| CVE-2026-27439 Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27438 Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27437 Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27428 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection.This issue affects Eagle Booking: fr... | 8.5 | HIGH | — | 0 |
| CVE-2026-27417 Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27411 Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27406 Insertion of Sensitive Information Into Sent Data vulnerability in Joe Dolson My Tickets my-tickets allows Retrieve Embedded Sensitive Data.This issue affects My Tickets: from n/a through <= 2.1.0. | 7.5 | HIGH | — | 0 |
| CVE-2026-27396 Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through ... | 7.3 | HIGH | — | 0 |
| CVE-2026-27390 Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue af... | 8.8 | HIGH | — | 0 |
| CVE-2026-27389 Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue af... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27388 Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects... | 7.5 | HIGH | — | 0 |
| CVE-2026-27386 Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects... | 7.5 | HIGH | — | 0 |
| CVE-2026-27385 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects... | 7.1 | HIGH | — | 0 |
| CVE-2026-27384 Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total C... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-27383 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metr... | 8.1 | HIGH | — | 0 |
| CVE-2026-27382 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13. | 7.1 | HIGH | — | 0 |
| CVE-2026-27381 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora aora allows PHP Local File Inclusion.This issue affects Aora: from... | 8.1 | HIGH | — | 0 |
| CVE-2026-27379 Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.... | 8.8 | HIGH | — | 0 |
| CVE-2026-27376 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue... | 7.1 | HIGH | — | 0 |
| CVE-2026-27375 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JanStudio Gecko gecko allows Reflected XSS.This issue affects Gecko: from n/a through <= 1.9.8. | 7.1 | HIGH | — | 0 |
| CVE-2026-27374 Missing Authorization vulnerability in vanquish WooCommerce Order Details woocommerce-order-details allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommer... | 7.5 | HIGH | — | 0 |
| CVE-2026-27373 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection.This issue affects Tablesome: from n/a thro... | 8.5 | HIGH | — | 0 |
| CVE-2026-27370 Insertion of Sensitive Information Into Sent Data vulnerability in Premio Chaty chaty allows Retrieve Embedded Sensitive Data.This issue affects Chaty: from n/a through <= 3.5.1. | 7.5 | HIGH | — | 0 |
| CVE-2026-27369 Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6. | 8.1 | HIGH | — | 0 |
| CVE-2026-27367 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through < 3.4.5. | 7.1 | HIGH | — | 0 |
| CVE-2026-27363 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Stored XSS.This issue aff... | 7.1 | HIGH | — | 0 |
| CVE-2026-27362 Missing Authorization vulnerability in kamleshyadav WP Bakery Autoresponder Addon vc-autoresponder-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP B... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27361 Missing Authorization vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.