105 matches found
CVE-2025-30881
Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through = 2.0.8...
CVE-2025-22644
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1...
CVE-2025-22644
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce vayu-blocks allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through =...
CVE-2025-22644
CVE-2025-22644 is a stored XSS in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce. Affected versions: 1.2.1 and earlier. CVSS 3.1: 6.5 (Network, Low integrity/availability impact; User interaction required; Privileges: Low). Exploitation status is not detailed in the provided...
CVE-2025-22644 WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1...
CVE-2025-30881
Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8...
CVE-2025-30881
Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through = 2.0.8...
CVE-2025-30881
Missing Authorization vulnerability in themehunk Big Store big-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Big Store: from n/a through = 2.0.8...
CVE-2025-30881
CVE-2025-30881 affects the WordPress theme Big Store (ThemeHunk) and is disclosed as a Missing Authorization vulnerability for Big Store versions up to 2.0.8. Connected Wordfence content confirms the issue is real for Big Store and shows a Patched status, indicating a fix exists in a subsequent r...
PT-2025-13135
Name of the Vulnerable Software and Affected Versions ThemeHunk Big Store versions 2.0.8 and earlier Description The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations For ThemeHunk Big Store...
CVE-2024-54369
Missing Authorization vulnerability in ThemeHunk Zita Site Builder ai-site-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through = 1.0.2...
CVE-2024-54369 WordPress Zita Site Builder plugin <= 1.0.2 - Arbitrary Plugin Installation and Activation vulnerability
Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2...
CVE-2023-28688
Cross-Site Request Forgery CSRF vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery.This issue affects TH Variation Swatches: from n/a through 1.2.7...
CVE-2023-28688
Cross-Site Request Forgery CSRF vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery.This issue affects TH Variation Swatches: from n/a through 1.2.7...
CVE-2023-28688
CVE-2023-28688 affects the WordPress plugin TH Variation Swatches (ThemeHunk TH Variation Swatches). A Cross-Site Request Forgery (CSRF) vulnerability exists in versions up to and including 1.2.7 and is caused by insufficient CSRF protection in the plugin’s settings/actions flow. Impact is limite...
CVE-2024-9707
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...
Exploit for Missing Authorization in Themehunk Hunk_Companion
CVE-2024-9707 Hunk Companion = 1.8.4 - Missing Authorizati...
VulnCheck KEV: CVE-2024-9707
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to...
WordPress plugin Hunk Companion 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-8433
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...