Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-27414

WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability_CVE-2026-27414

Contributor PHP Object Injection in Werkstatt

Fuelthemes Werkstatt n/a CVE
HIGH 8.1 CVE-2026-27412

WordPress Pearl – Corporate Business theme <= 3.4.10 - Local File Inclusion vulnerability_CVE-2026-27412

Unauthenticated Local File Inclusion in Pearl - Corporate Business

StylemixThemes Pearl - Corporate Business n/a CVE
HIGH 7.1 CVE-2026-27408

WordPress NativeChurch theme <= 4.8.8.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-27408

Unauthenticated Cross Site Scripting (XSS) in NativeChurch

imithemes NativeChurch n/a CVE
HIGH 7.1 CVE-2026-27404

WordPress LMS theme <= 9.7 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-27404

Unauthenticated Cross Site Scripting (XSS) in LMS

Designthemes LMS n/a CVE
HIGH 7.1 CVE-2026-27402

WordPress Kids Life | Children School WordPress theme <= 5.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-27402

Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress

Designthemes Kids Life | Children School WordPress n/a CVE
HIGH 8.8 CVE-2026-27060

WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability_CVE-2026-27060

Contributor PHP Object Injection in ARMember Premium

Reputeinfosystems ARMember Premium n/a CVE
HIGH 7.5 CVE-2026-11946

GetEndpoints Memory Exhaustion in open62541_CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpo...

open62541 project / o6 Automation GmbH open62541 1.4.0 CVE
HIGH 7.1 CVE-2025-69156

WordPress Kids Zone – Children WordPress Theme theme <= 5.4 - Cross Site Scripting (XSS) vulnerability_CVE-2025-69156

Unauthenticated Cross Site Scripting (XSS) in Kids Zone - Children WordPress Theme

Design themes Kids Zone - Children WordPress Theme n/a CVE
HIGH 7.1 CVE-2025-69155

WordPress Fitness Zone WordPress Theme theme <= 5.7 - Cross Site Scripting (XSS) vulnerability_CVE-2025-69155

Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme

Designthemes Fitness Zone WordPress Theme n/a CVE
HIGH 7.1 CVE-2025-69154

WordPress SpaLab | Beauty Salon WordPress Theme theme <= 6.7 - Cross Site Scripting (XSS) vulnerability_CVE-2025-69154

Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme

designthemes SpaLab | Beauty Salon WordPress Theme n/a CVE