Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.This issue affects Theme Editor: from n/a through...
7.2CVSS
6.8AI Score
0.0004EPSS
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post/page 'Title' value in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to....
6.4CVSS
5AI Score
0.001EPSS
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to...
6.4CVSS
5AI Score
0.001EPSS
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web server, such as...
4.9CVSS
5.3AI Score
0.001EPSS
5.3CVSS
5.3AI Score
0.001EPSS