56 matches found
CVE-2025-24730
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...
CVE-2024-49293
Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.4...
CVE-2024-49680
Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.5...
CVE-2023-52144
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15...
CVE-2023-34376
Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3...
CVE-2025-24730
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...
CVE-2025-24730 WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...
PT-2025-5544 · Rextheme · Rextheme Wp Vr
Name of the Vulnerable Software and Affected Versions: Rextheme WP VR versions through 8.5.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This enables potential attackers to execu...
CVE-2023-34376
Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3...
CVE-2023-34376
CVE-2023-34376 is a WordPress plugin vulnerability in Rextheme’s Change WooCommerce Add To Cart Button Text. The issue is described as Missing Authorization / Broken Access Control, allowing exploitation through misconfigured access control levels. Affected versions are listed as ≤ 1.3. The vulne...
CVE-2024-49680
Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.5...
CVE-2024-49680
CVE-2024-49680 : Missing authorization in the WordPress WP VR plugin allows exploitation of incorrectly configured access control. Affected: WP VR up to and including version 8.5.5 (per Patchstack, NVD/Red Hat, and related sources). Root cause: broken access control/security level misconfiguratio...
PT-2024-33633 · WordPress · Rextheme Wp Vr
Name of the Vulnerable Software and Affected Versions: Rextheme WP VR versions prior to 8.5.6 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Rextheme WP VR versions pri...
CVE-2024-49293
Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4...
CVE-2024-49293
Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.4...
CVE-2024-49293
CVE-2024-49293 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress WP VR (Rextheme WP VR) plugin, affecting versions up to and including 8.5.4. Public sources provide a CVSS v3.1 base score of 5.4 (Medium) with Network attack vector and Low impact on conf...
CVE-2024-49293 WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.4...
CVE-2023-52144
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15...
PT-2024-14433 · Rextheme · Rextheme Product Feed Manager
Name of the Vulnerable Software and Affected Versions: RexTheme Product Feed Manager versions n/a through 7.3.15 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This vulnerability affects RexTheme...
CVE-2023-40663
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rextheme WP VR plugin = 8.3.4 versions...