Filtered by vendor Themerex
Subscriptions
Total
122 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22494 | 2 Themerex, Wordpress | 2 Good Homes, Wordpress | 2026-04-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through <= 1.3.13. | ||||
| CVE-2026-27083 | 2 Themerex, Wordpress | 2 Work & Travel Company, Wordpress | 2026-04-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2. | ||||
| CVE-2026-22324 | 2 Themerex, Wordpress | 2 Melania, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through <= 2.5.0. | ||||
| CVE-2026-27084 | 2 Themerex, Wordpress | 2 Buisson, Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11. | ||||
| CVE-2026-27082 | 2 Themerex, Wordpress | 2 Love Story, Wordpress | 2026-04-23 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12. | ||||
| CVE-2026-22503 | 2 Themerex, Wordpress | 2 Nelson, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0. | ||||
| CVE-2026-22504 | 2 Themerex, Wordpress | 2 Prolingua, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12. | ||||
| CVE-2025-0837 | 1 Themerex | 1 Puzzles | 2026-04-22 | 6.4 Medium |
| The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-6997 | 1 Themerex | 1 Addons | 2026-04-20 | 6.4 Medium |
| The ThemeREX Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.35.1.1 due to insufficient input sanitization and output escaping. The plugin’s SVG rendering routine calls the trx_addons_get_svg_from_file() function on an unvalidated 'svg' parameter supplied via the shortcode or Elementor widget settings, then outputs it via the trx_addons_show_layout() function. Because there is no check on the URL’s origin, scheme, or the SVG content itself, authenticated attackers, with Contributor-level access and above, can supply a remote SVG and inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2026-28057 | 2 Themerex, Wordpress | 2 Mandala, Wordpress | 2026-04-18 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mandala mandala allows PHP Local File Inclusion.This issue affects Mandala: from n/a through <= 2.8. | ||||
| CVE-2026-28029 | 2 Themerex, Wordpress | 2 Emojination, Wordpress | 2026-04-18 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX EmojiNation emojination allows PHP Local File Inclusion.This issue affects EmojiNation: from n/a through <= 1.0.12. | ||||
| CVE-2026-22452 | 2 Themerex, Wordpress | 2 Hoverex, Wordpress | 2026-04-17 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Hoverex hoverex allows PHP Local File Inclusion.This issue affects Hoverex: from n/a through <= 1.5.10. | ||||
| CVE-2026-27986 | 2 Themerex, Wordpress | 2 Ostende, Wordpress | 2026-04-17 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX OsTende ostende allows PHP Local File Inclusion.This issue affects OsTende: from n/a through <= 1.4.3. | ||||
| CVE-2026-27996 | 2 Themerex, Wordpress | 2 Lingvico, Wordpress | 2026-04-17 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Lingvico lingvico allows PHP Local File Inclusion.This issue affects Lingvico: from n/a through <= 1.0.14. | ||||
| CVE-2026-28050 | 2 Themerex, Wordpress | 2 Beacon, Wordpress | 2026-04-17 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion.This issue affects Beacon: from n/a through <= 2.24. | ||||
| CVE-2026-28052 | 2 Themerex, Wordpress | 2 Peter Mason, Wordpress | 2026-04-17 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter Mason: from n/a through <= 1.4.5. | ||||
| CVE-2026-28086 | 2 Themerex, Wordpress | 2 Run Gran, Wordpress | 2026-04-17 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affects Run Gran: from n/a through <= 2.0. | ||||
| CVE-2026-22454 | 2 Themerex, Wordpress | 2 Solaris, Wordpress | 2026-04-16 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through <= 2.5. | ||||
| CVE-2026-27990 | 2 Themerex, Wordpress | 2 Confix, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ConFix confix allows PHP Local File Inclusion.This issue affects ConFix: from n/a through <= 1.013. | ||||
| CVE-2026-27992 | 2 Themerex, Wordpress | 2 Meals & Wheels, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Meals & Wheels meals-wheels allows PHP Local File Inclusion.This issue affects Meals & Wheels: from n/a through <= 1.1.12. | ||||