34 matches found
CVE-2025-7368
CVE-2025-7368 — REHub WordPress Theme: Unauthenticated information exposure in REHub up to version 19.9.7 due to insufficient restrictions in the ajax_action_re_getfullcontent path, allowing access to password-protected post data. Affected: REHub Theme for WordPress (versions ≤ 19.9.7). Root caus...
CVE-2025-7366 Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost
The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...
CVE-2025-7366 Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost
The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value befor...
CVE-2025-7366
The CVE-2025-7366 entry concerns the REHub - Price Comparison, Multi Vendor Marketplace WordPress Theme. According to multiple sources in the connected documents, versions up to and including 19.9.7 are affected by an unauthenticated arbitrary shortcode execution flaw triggered via re_filterpost,...
WordPress Rehub theme <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost vulnerability
Unauthenticated Arbitrary Shortcode Execution via refilterpost vulnerability discovered by stealthcopter in WordPress Theme Rehub versions = 19.9.7...
WordPress Rehub theme <= 19.9.7 - Unauthenticated Password Protected Post Disclosure vulnerability
Unauthenticated Password Protected Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme Rehub versions = 19.9.7...
WordPress Rehub Theme <= 19.9.7 is vulnerable to Content Injection
Software Rehub Type Theme Vulnerable versions = 19.9.7 Fixed in 19.9.8 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2025-7366 Patch priority Medium CVSS severity Medium 7.3 Developer Claim ownership PSID ebd91ec5bebd Credits stealthcopter Required privilege Unauthenticated...
WordPress Rehub Theme <= 19.9.7 is vulnerable to Sensitive Data Exposure
Software Rehub Type Theme Vulnerable versions = 19.9.7 Fixed in 19.9.8 OWASP Top 10 A7: Identification and Authentication Failures Classification Sensitive Data Exposure CVE CVE-2025-7368 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 2dc0fcd2d1f5 Credits stealthcopter...
CVE-2024-31232 WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Sizam Design Rehub allows PHP Local File Inclusion.This issue affects Rehub: from n/a through 19.6.1...
CVE-2024-31233 WordPress Rehub theme <= 19.6.1 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Sizam Rehub.This issue affects Rehub: from n/a through 19.6.1...
WordPress Rehub theme <= 19.6.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...
WordPress Rehub theme <= 19.6.1 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Rehub versions = 19.6.1...
WordPress Rehub Theme <= 19.6.1 is vulnerable to Local File Inclusion
Software Rehub Type Theme Vulnerable versions = 19.6.1 Fixed in 19.6.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-31231 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 189370c86e72 Credits Rafie Muhammad Patchstack Required privilege...
WordPress Rehub Theme <= 19.6.1 is vulnerable to Local File Inclusion
Software Rehub Type Theme Vulnerable versions = 19.6.1 Fixed in 19.6.2 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-31232 Patch priority Low CVSS severity Low 8 Developer Claim ownership PSID 8895860d7f84 Credits Rafie Muhammad Patchstack Required privilege Editor...