105 matches found
CVE-2024-8433
CVE-2024-8433 : The Easy Mega Menu Plugin for WordPress – ThemeHunk is vulnerable to a Stored Cross-Site Scripting (XSS) via the themehunk_megamenu_bg_image parameter in all versions up to and including 1.1.0, caused by insufficient input sanitization and output escaping. Exploitation requires au...
CVE-2024-8433 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress ThemeHunk plugin <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin ThemeHunk versions = 1.1.0...
WordPress ThemeHunk Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software ThemeHunk Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8433 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c1773d3ddeac Credits Lucio Sá Required...
WordPress plugin ThemeHunk 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-8434 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...
WordPress plugin ThemeHunk 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress ThemeHunk plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin ThemeHunk versions = 1.0.9...
CVE-2024-44049
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7...
CVE-2024-44049
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks.This issue affects Gutenberg Blocks: from n/a through = 1.2.8...
CVE-2024-44049 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.7 - Authenticated Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7...
CVE-2024-44049
CVE-2024-44049 describes a vulnerability in the WordPress plugin Gutenberg Blocks – Unlimited blocks For Gutenberg (ThemeHunk) where versions up to and including 1.2.7 are affected by a Stored XSS due to improper neutralization of input during web page generation. The issue enables cross-site scr...
CVE-2022-40218
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...
CVE-2022-40218 WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...
CVE-2022-40218 WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...
PT-2024-11627
Name of the Vulnerable Software and Affected Versions ThemeHunk Advance WordPress Search Plugin versions 1.1.4 and earlier Description The issue is related to a missing authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. This could allow unauthorized access due to missin...
CVE-2022-38057
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1...
CVE-2022-38057
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1...
CVE-2022-38057 WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1...
PT-2024-11608 · Themehunk · Themehunk Advance Wordpress Search Plugin
Name of the Vulnerable Software and Affected Versions: ThemeHunk Advance WordPress Search Plugin versions 1.2.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. Recommendations: For ThemeHunk Advance WordPress...