Lucene search
K

105 matches found

cve
cve
added 2024/10/08 9:33 a.m.45 views

CVE-2024-8433

CVE-2024-8433 : The Easy Mega Menu Plugin for WordPress – ThemeHunk is vulnerable to a Stored Cross-Site Scripting (XSS) via the themehunk_megamenu_bg_image parameter in all versions up to and including 1.1.0, caused by insufficient input sanitization and output escaping. Exploitation requires au...

6.4CVSS6AI score0.00333EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/10/08 9:33 a.m.8 views

CVE-2024-8433 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘themehunkmegamenubgimage' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00333EPSS
Exploits0References4
patchstack
patchstack
added 2024/10/08 3:2 a.m.4 views

WordPress ThemeHunk plugin <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin ThemeHunk versions = 1.1.0...

6.4CVSS5.7AI score0.00333EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/10/08 12:0 a.m.7 views

WordPress ThemeHunk Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)

Software ThemeHunk Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8433 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID c1773d3ddeac Credits Lucio Sá Required...

6.4CVSS5.6AI score0.00333EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2024/10/08 12:0 a.m.3 views

WordPress plugin ThemeHunk 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References5
cvelist
cvelist
added 2024/09/25 2:5 a.m.44 views

CVE-2024-8434 Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-lev...

4.3CVSS0.00351EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/09/25 12:0 a.m.6 views

WordPress plugin ThemeHunk 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.5AI score0.00351EPSS
Exploits0References6
patchstack
patchstack
added 2024/09/24 2:7 p.m.7 views

WordPress ThemeHunk plugin <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Settings Updates vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Updates vulnerability discovered by Lucio Sá in WordPress Plugin ThemeHunk versions = 1.0.9...

4.3CVSS7AI score0.00351EPSS
Exploits0References1Affected Software1
osv
osv
added 2024/09/17 11:15 p.m.3 views

CVE-2024-44049

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7...

5.4CVSS5.8AI score0.00248EPSS
Exploits0References1
nvd
nvd
added 2024/09/17 11:15 p.m.31 views

CVE-2024-44049

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks unlimited-blocks.This issue affects Gutenberg Blocks: from n/a through = 1.2.8...

6.5CVSS0.00248EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/09/17 10:59 p.m.17 views

CVE-2024-44049 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.7 - Authenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7...

6.5CVSS6.8AI score0.00248EPSS
Exploits0References1
cve
cve
added 2024/09/17 10:59 p.m.52 views

CVE-2024-44049

CVE-2024-44049 describes a vulnerability in the WordPress plugin Gutenberg Blocks – Unlimited blocks For Gutenberg (ThemeHunk) where versions up to and including 1.2.7 are affected by a Stored XSS due to improper neutralization of input during web page generation. The issue enables cross-site scr...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2024/05/08 12:15 p.m.8 views

CVE-2022-40218

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...

9.8CVSS6.5AI score0.00486EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/05/08 11:57 a.m.13 views

CVE-2022-40218 WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...

6.5CVSS7AI score0.00486EPSS
Exploits0References1
cvelist
cvelist
added 2024/05/08 11:57 a.m.15 views

CVE-2022-40218 WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Change vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4...

6.5CVSS6.7AI score0.00486EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/05/08 12:0 a.m.3 views

PT-2024-11627

Name of the Vulnerable Software and Affected Versions ThemeHunk Advance WordPress Search Plugin versions 1.1.4 and earlier Description The issue is related to a missing authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. This could allow unauthorized access due to missin...

9.8CVSS6.2AI score0.00486EPSS
Exploits0References8
osv
osv
added 2024/03/25 12:15 p.m.4 views

CVE-2022-38057

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1...

9.8CVSS5.8AI score0.006EPSS
Exploits0References1
nvd
nvd
added 2024/03/25 12:15 p.m.25 views

CVE-2022-38057

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1...

9.8CVSS6.5AI score0.006EPSS
Exploits0References1
cvelist
cvelist
added 2024/03/25 11:36 a.m.27 views

CVE-2022-38057 WordPress TH Advance Product Search plugin <= 1.2.1 - Unauthenticated Plugin Settings Reset vulnerability

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1...

6.5CVSS6.7AI score0.006EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/03/25 12:0 a.m.5 views

PT-2024-11608 · Themehunk · Themehunk Advance Wordpress Search Plugin

Name of the Vulnerable Software and Affected Versions: ThemeHunk Advance WordPress Search Plugin versions 1.2.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in the ThemeHunk Advance WordPress Search Plugin. Recommendations: For ThemeHunk Advance WordPress...

9.8CVSS7AI score0.006EPSS
Exploits0References4
Rows per page
Query Builder