7 matches found
WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Organic Beauty versions <= 1.4.6...
WordPress Organic Beauty Theme <= 1.4.6 is vulnerable to PHP Object Injection
Software: Organic Beauty; Type: Theme; Vulnerable versions: <= 1.4.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49890; Patch priority: High; CVSS severity: High (9.8); PSID: d8832a3c672f; Credits: Bonds; Required privilege: Unauthenticated...
CVE-2024-5884
The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tpl_featured_cat_id’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access...
WordPress Beauty theme <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via tpl_featured_cat_id Parameter vulnerability
Authenticated (Subscriber+) Stored Cross-Site Scripting via tpl_featured_cat_id Parameter vulnerability discovered by Francesco Carlucci in WordPress Theme Beauty versions <= 1.1.4...
PT-2024-37221 · WordPress · The Beauty Theme
Name of the Vulnerable Software and Affected Versions: The Beauty theme for WordPress versions up to, and including, 1.1.4. Description: The issue is related to Stored Cross-Site Scripting via the tpl_featured_cat_id parameter due to insufficient input sanitization and output escaping. This allows...
WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload
Exploit Title: Wordpress Beauty Theme File Upload Vulnerability v1.0.8; Discovery Date: 02.09.2016; Public Disclosure Date: 03.09.2016; Vendor Homepage: http://www.yourinspirationweb.com; Exploit Author: Colette Chamberland Wordfence; Contact: [email protected]; Version: 1.0.8 may affect newer...