Lucene search

Theme Editor Security Vulnerabilities

cve

CVE-2023-6091

Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through...

7.2CVSS

6.8AI Score

0.0004EPSS

2024-03-26 08:15 PM

cve

CVE-2022-2516

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to....

6.4CVSS

5AI Score

0.001EPSS

2022-09-06 06:15 PM

cve

CVE-2022-2430

The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to...

6.4CVSS

5AI Score

0.001EPSS

2022-09-06 06:15 PM

cve

CVE-2021-24154

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as...

4.9CVSS

5.3AI Score

0.001EPSS

2021-04-05 07:15 PM

cve

CVE-2018-11244

The BBE theme before 1.53 for WordPress allows a direct launch of an HTML...

5.3CVSS

5.3AI Score

0.001EPSS

2018-05-18 05:29 PM