CVE-2026-39627 WordPress Ashe theme <= 2.266 - Broken Access Control vulnerability

Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through = 2.266...

CVE-2026-39627

CVE-2026-39627 is associated with the WordPress theme Ashe (vulnerable up to version 2.266). The issue is described as a Missing Authorization vulnerability caused by “Exploiting Incorrectly Configured Access Control Security Levels,” enabling access control bypass. Affected product/component: Wo...

EUVD-2024-49880

Malicious code in bioql PyPI...

CVE-2024-9777

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVE-2024-37478 WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in wproyal Ashe ashe allows Cross Site Request Forgery.This issue affects Ashe: from n/a through = 2.233...

CVE-2024-9777

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVE-2024-9777

CVE-2024-9777 (Ashe theme for WordPress) is a Reflected Cross‑Site Scripting issue caused by insufficient escaping of add_query_arg usage in all versions up to 2.243. The vulnerability allows unauthenticated attackers to inject scripts into pages that execute when a user is enticed to perform an ...

CVE-2024-9777 Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

CVE-2024-9777 Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter

The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut...

WordPress Ashe theme <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability

Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Theme Ashe versions = 2.243...

WordPress Ashe Theme <= 2.243 is vulnerable to Cross Site Scripting (XSS)

Software Ashe Type Theme Vulnerable versions = 2.243 Fixed in 2.244 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9777 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1ba0e6cd8ae8 Credits vgo0 Required privilege...

PT-2024-39835 · WordPress · Ashe Theme For Wordpress

Name of the Vulnerable Software and Affected Versions: Ashe theme for WordPress versions up to, and including, 2.243 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows unauthenticated attackers t...

WordPress Ashe theme <= 2.233 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Ashe versions = 2.233...

WordPress Ashe Theme <= 2.233 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ashe Type Theme Vulnerable versions = 2.233 Fixed in 2.234 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37478 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 01c115634ea3 Credits Dhabaleshwar Das Required...