9 matches found
CVE-2025-0837
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...
CVE-2025-0837
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...
CVE-2025-0837 Puzzles <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...
CVE-2025-0837 Puzzles <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...
CVE-2025-0837
CVE-2025-0837 : Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via shortcodes in versions up to and including 4.2.4 due to insufficient input sanitization and output escaping on user-supplied attributes. The issue can be exploited by authenticated attackers with at...
PT-2025-6809 · WordPress · Puzzles
Name of the Vulnerable Software and Affected Versions: The Puzzles theme for WordPress versions up to, and including, 4.2.4 Description: The issue is related to Stored Cross-Site Scripting via shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes. This...
WordPress Puzzles theme <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Theme Puzzles versions <= 4.2.4...
PT-2025-6441 · WordPress · The Puzzles | Wp Magazine / Review With Store Wordpress Theme + Rtl
Name of the Vulnerable Software and Affected Versions: The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress versions up to, and including, 4.2.4 Description: The issue is related to a missing capability check on the theme options ajax post action AJAX action,...
WordPress Puzzles theme <= 4.2.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Theme Puzzles versions <= 4.2.4...