VYPR

Vendor CVEs

Themerex

All CVEs

125 total · sorted by risk
  • CVE-2026-27084CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11.

  • CVE-2026-27083CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2.

  • CVE-2026-27082CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Love Story lovestory allows Object Injection.This issue affects Love Story: from n/a through <= 1.3.12.

  • CVE-2026-28105CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7.

  • CVE-2026-28074CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through <= 1.4.0.

  • CVE-2026-28043CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Healer - Doctor, Clinic & Medical WordPress Theme healer allows PHP Local File Inclusion.This issue affects Healer - Doctor, Clinic & Medical…

  • CVE-2026-27439CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5.

  • CVE-2026-27438CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7.

  • CVE-2026-27437CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3.

  • CVE-2026-22474CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through <= 1.5.

  • CVE-2026-22453CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.01

    Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <= 2.3.

  • CVE-2025-54001CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.01

    Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through <= 2.5.

  • CVE-2025-69405CriFeb 20, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection.This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.11.

  • CVE-2025-69404CriFeb 20, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.10.

  • CVE-2025-69079CriJan 22, 2026
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Sound | Musical Instruments Online Store musicplace allows Object Injection.This issue affects Sound | Musical Instruments Online Store: from n/a through <= 1.6.9.

  • CVE-2025-49890CriAug 20, 2025
    risk 0.64cvss 9.8epss 0.00

    Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue affects Organic Beauty: from n/a through <= 1.4.6.

  • CVE-2023-37496HigAug 1, 2023
    risk 0.54cvss 8.3epss 0.00

    HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.

  • CVE-2021-27788HigMar 10, 2023
    risk 0.54cvss 8.3epss 0.01

    HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability.  By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies,…

  • CVE-2018-10712HigOct 30, 2018
    risk 0.54cvss 7.8epss 0.01

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to…

  • CVE-2018-10711HigOct 30, 2018
    risk 0.54cvss 7.8epss 0.02

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to…

  • CVE-2018-10709HigOct 30, 2018
    risk 0.54cvss 7.8epss 0.01

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways…

  • CVE-2026-22504HigMar 25, 2026
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through <= 1.1.12.

  • CVE-2026-22503HigMar 25, 2026
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelson: from n/a through <= 1.2.0.

  • CVE-2026-22494HigMar 25, 2026
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Good Homes good-homes allows PHP Local File Inclusion.This issue affects Good Homes: from n/a through <= 1.3.13.

  • CVE-2026-22324HigMar 20, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: from n/a through 2.5.0.

  • CVE-2026-28128HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: from n/a through <= 1.7.0.

  • CVE-2026-28107HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Muzicon muzicon allows PHP Local File Inclusion.This issue affects Muzicon: from n/a through <= 1.9.0.

  • CVE-2026-28098HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Save Life save-life allows PHP Local File Inclusion.This issue affects Save Life: from n/a through <= 1.2.13.

  • CVE-2026-28097HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Artrium artrium allows PHP Local File Inclusion.This issue affects Artrium: from n/a through <= 1.0.14.

  • CVE-2026-28096HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX WealthCo wealthco allows PHP Local File Inclusion.This issue affects WealthCo: from n/a through <= 2.18.

  • CVE-2026-28095HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Marcell marcell allows PHP Local File Inclusion.This issue affects Marcell: from n/a through <= 1.2.14.

  • CVE-2026-28094HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX RexCoin rexcoin allows PHP Local File Inclusion.This issue affects RexCoin: from n/a through <= 1.2.6.

  • CVE-2026-28093HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Ozisti ozisti allows PHP Local File Inclusion.This issue affects Ozisti: from n/a through <= 1.1.10.

  • CVE-2026-28091HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Coleo coleo allows PHP Local File Inclusion.This issue affects Coleo: from n/a through <= 1.1.7.

  • CVE-2026-28090HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gamezone gamezone allows PHP Local File Inclusion.This issue affects Gamezone: from n/a through <= 1.1.11.

  • CVE-2026-28089HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects Daiquiri: from n/a through <= 1.2.4.

  • CVE-2026-28088HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aqualots aqualots allows PHP Local File Inclusion.This issue affects Aqualots: from n/a through <= 1.1.6.

  • CVE-2026-28087HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Filmax filmax allows PHP Local File Inclusion.This issue affects Filmax: from n/a through <= 1.1.11.

  • CVE-2026-28086HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affects Run Gran: from n/a through <= 2.0.

  • CVE-2026-28085HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mahogany mahogany allows PHP Local File Inclusion.This issue affects Mahogany: from n/a through <= 2.9.

  • CVE-2026-28084HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bazinga bazinga allows PHP Local File Inclusion.This issue affects Bazinga: from n/a through <= 1.1.9.

  • CVE-2026-28081HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Windsor: from n/a through <= 2.5.0.

  • CVE-2026-28077HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vapester vapester allows PHP Local File Inclusion.This issue affects Vapester: from n/a through <= 1.1.10.

  • CVE-2026-28069HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Le Truffe letruffe allows PHP Local File Inclusion.This issue affects Le Truffe: from n/a through <= 1.1.7.

  • CVE-2026-28068HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Rhythmo rhythmo allows PHP Local File Inclusion.This issue affects Rhythmo: from n/a through <= 1.3.4.

  • CVE-2026-28067HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bassein bassein allows PHP Local File Inclusion.This issue affects Bassein: from n/a through <= 1.0.15.

  • CVE-2026-28066HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legrand legrand allows PHP Local File Inclusion.This issue affects Legrand: from n/a through <= 2.17.

  • CVE-2026-28064HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Edge Decor edge-decor allows PHP Local File Inclusion.This issue affects Edge Decor: from n/a through <= 2.2.

  • CVE-2026-28063HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Asia Garden asia-garden allows PHP Local File Inclusion.This issue affects Asia Garden: from n/a through <= 1.3.1.

  • CVE-2026-28062HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Happy Baby happy-baby allows PHP Local File Inclusion.This issue affects Happy Baby: from n/a through <= 1.2.12.

Page 1 of 3