Lucene search
K

56 matches found

redhatcve
redhatcve
added 2025/05/23 11:43 a.m.9 views

CVE-2025-24730

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...

6.5CVSS7.2AI score0.00295EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:27 a.m.8 views

CVE-2024-49293

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.4...

5.4CVSS5.9AI score0.00255EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:37 a.m.22 views

CVE-2024-49680

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.5...

4.3CVSS5.9AI score0.00404EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:30 a.m.3 views

CVE-2023-52144

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15...

5.5CVSS8.5AI score0.00423EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 1:45 a.m.4 views

CVE-2023-34376

Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3...

5.4CVSS8.5AI score0.00522EPSS
Exploits0References1
nvd
nvd
added 2025/01/24 6:15 p.m.30 views

CVE-2025-24730

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...

6.5CVSS0.00295EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/01/24 5:25 p.m.9 views

CVE-2025-24730 WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through = 8.5.14...

6.5CVSS7.2AI score0.00295EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/01/24 12:0 a.m.10 views

PT-2025-5544 · Rextheme · Rextheme Wp Vr

Name of the Vulnerable Software and Affected Versions: Rextheme WP VR versions through 8.5.14 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This enables potential attackers to execu...

6.5CVSS7.4AI score0.00295EPSS
Exploits0References5
nvd
nvd
added 2024/12/13 3:15 p.m.6 views

CVE-2023-34376

Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3...

5.4CVSS0.00522EPSS
Exploits0References1
cve
cve
added 2024/12/13 2:23 p.m.38 views

CVE-2023-34376

CVE-2023-34376 is a WordPress plugin vulnerability in Rextheme’s Change WooCommerce Add To Cart Button Text. The issue is described as Missing Authorization / Broken Access Control, allowing exploitation through misconfigured access control levels. Affected versions are listed as ≤ 1.3. The vulne...

5.4CVSS8.5AI score0.00522EPSS
Exploits0References1
nvd
nvd
added 2024/11/19 5:15 p.m.38 views

CVE-2024-49680

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.5...

4.3CVSS0.00404EPSS
Exploits0References1
cve
cve
added 2024/11/19 4:30 p.m.51 views

CVE-2024-49680

CVE-2024-49680 : Missing authorization in the WordPress WP VR plugin allows exploitation of incorrectly configured access control. Affected: WP VR up to and including version 8.5.5 (per Patchstack, NVD/Red Hat, and related sources). Root cause: broken access control/security level misconfiguratio...

4.3CVSS5.9AI score0.00404EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/11/19 12:0 a.m.4 views

PT-2024-33633 · WordPress · Rextheme Wp Vr

Name of the Vulnerable Software and Affected Versions: Rextheme WP VR versions prior to 8.5.6 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Rextheme WP VR versions pri...

4.3CVSS6.8AI score0.00404EPSS
Exploits0References3
osv
osv
added 2024/10/21 12:15 p.m.4 views

CVE-2024-49293

Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4...

5.4CVSS5.8AI score0.00255EPSS
Exploits0References1
nvd
nvd
added 2024/10/21 12:15 p.m.28 views

CVE-2024-49293

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.4...

5.4CVSS0.00255EPSS
Exploits0References1
cve
cve
added 2024/10/21 11:12 a.m.53 views

CVE-2024-49293

CVE-2024-49293 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress WP VR (Rextheme WP VR) plugin, affecting versions up to and including 8.5.4. Public sources provide a CVSS v3.1 base score of 5.4 (Medium) with Network attack vector and Low impact on conf...

5.4CVSS5.9AI score0.00255EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2024/10/21 11:12 a.m.23 views

CVE-2024-49293 WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through = 8.5.4...

4.3CVSS0.00255EPSS
Exploits0References1
nvd
nvd
added 2024/04/15 7:15 a.m.27 views

CVE-2023-52144

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in RexTheme Product Feed Manager.This issue affects Product Feed Manager: from n/a through 7.3.15...

5.5CVSS5.5AI score0.00423EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/04/15 12:0 a.m.4 views

PT-2024-14433 · Rextheme · Rextheme Product Feed Manager

Name of the Vulnerable Software and Affected Versions: RexTheme Product Feed Manager versions n/a through 7.3.15 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability. This vulnerability affects RexTheme...

5.5CVSS9.3AI score0.00423EPSS
Exploits0References4
nvd
nvd
added 2023/09/27 3:19 p.m.21 views

CVE-2023-40663

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rextheme WP VR plugin = 8.3.4 versions...

7.1CVSS6.2AI score0.0033EPSS
Exploits0References1
Rows per page
Query Builder