Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2026-40738

WordPress Eldon theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2026-40738

Unauthenticated PHP Object Injection in Eldon

Edge-Themes Eldon n/a CVE
HIGH 8.1 CVE-2026-40733

WordPress ShiftUp theme <= 1.3 - PHP Object Injection vulnerability_CVE-2026-40733

Unauthenticated PHP Object Injection in ShiftUp

Mikado-Themes ShiftUp n/a CVE
HIGH 7.1 CVE-2026-40720

WordPress Royal Elementor Addons Pro plugin < 1.7.1041 - Cross Site Scripting (XSS) vulnerability_CVE-2026-40720

Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.

Royal Elementor Addons Royal Elementor Addons Pro n/a CVE
HIGH 8.1 CVE-2026-39590

WordPress Atomlab theme <= 2.4.5 - Local File Inclusion vulnerability_CVE-2026-39590

Unauthenticated Local File Inclusion in Atomlab

ThemeMove Atomlab n/a CVE
HIGH 8.1 CVE-2026-39576

WordPress SingleMalt theme <= 1.5 - PHP Object Injection vulnerability_CVE-2026-39576

Unauthenticated PHP Object Injection in SingleMalt

Elated-Themes SingleMalt n/a CVE
HIGH 8.1 CVE-2026-39560

WordPress Hiroshi theme <= 1.5.1 - PHP Object Injection vulnerability_CVE-2026-39560

Unauthenticated PHP Object Injection in Hiroshi

Select-Themes Hiroshi n/a CVE
HIGH 8.1 CVE-2026-39559

WordPress Uppercase theme < 1.2.2 - Local File Inclusion vulnerability_CVE-2026-39559

Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.

codesupplyco Uppercase n/a CVE
HIGH 8.1 CVE-2026-39556

WordPress Konsept theme <= 1.9 - PHP Object Injection vulnerability_CVE-2026-39556

Unauthenticated PHP Object Injection in Konsept

Elated-Themes Konsept n/a CVE
HIGH 8.1 CVE-2026-39523

WordPress Solene Core plugin <= 2.3.2 - Local File Inclusion vulnerability_CVE-2026-39523

Unauthenticated Local File Inclusion in Solene Core

Elated-Themes Solene Core n/a CVE
HIGH 8.1 CVE-2026-39445

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability_CVE-2026-39445

Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.

PressLayouts Alukas n/a CVE