Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2025-69112

WordPress Planty theme <= 1.14.0 - Local File Inclusion vulnerability_CVE-2025-69112

Unauthenticated Local File Inclusion in Planty

ThemeREX Planty n/a CVE
HIGH 8.1 CVE-2025-69109

WordPress Raider Spirit theme <= 1.1.2 - Local File Inclusion vulnerability_CVE-2025-69109

Unauthenticated Local File Inclusion in Raider Spirit

ThemeREX Raider Spirit n/a CVE
CRITICAL 9.8 CVE-2025-69108

WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability_CVE-2025-69108

Unauthenticated PHP Object Injection in Hot Coffee

ThemeREX Hot Coffee n/a CVE
HIGH 8.1 CVE-2025-69107

WordPress Rosaleen theme <= 2.8 - Local File Inclusion vulnerability_CVE-2025-69107

Unauthenticated Local File Inclusion in Rosaleen

ThemeREX Rosaleen n/a CVE
HIGH 8.1 CVE-2025-69105

WordPress Modernee theme <= 1.6.0 - Local File Inclusion vulnerability_CVE-2025-69105

Unauthenticated Local File Inclusion in Modernee

ThemeREX Modernee n/a CVE
HIGH 7.1 CVE-2025-69104

WordPress Qreatix theme <= 1.9.4 - Cross Site Scripting (XSS) vulnerability_CVE-2025-69104

Unauthenticated Cross Site Scripting (XSS) in Qreatix

jkdevstudio Qreatix n/a CVE
HIGH 7.5 CVE-2025-69103

WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability_CVE-2025-69103

Subscriber Arbitrary Content Deletion in Brikk

Utillz Brikk n/a CVE
HIGH 8.1 CVE-2025-60085

WordPress Learnify theme <= 1.15.0 - Local File Inclusion vulnerability_CVE-2025-60085

Unauthenticated Local File Inclusion in Learnify

ThemeREX Group Learnify n/a CVE
HIGH 8.1 CVE-2025-58924

WordPress Geya theme <= 1.15 - Local File Inclusion vulnerability_CVE-2025-58924

Unauthenticated Local File Inclusion in Geya

ThemeREX Group Geya n/a CVE
CRITICAL 9.3 CVE-2026-48745

Traccar Client: silent configuration hijack via unverified deep link redirects all GPS telemetry_CVE-2026-48745

Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7...

traccar traccar-client < 9.7.20 CVE