19 matches found
CVE-2026-42749
CVE-2026-42749 concerns a vulnerability in the WordPress plugin “Disable Comments for Any Post Types (Remove comments)” by Themeisle. Connected documents specify a Broken Authentication issue that enables an authentication bypass via an alternate path/channel, with potential for “Password Recover...
CVE-2026-1755 Menu Icons by ThemeIsle <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting
The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_wp_attachment_image_alt’ post meta in all versions up to, and including, 0.13.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1755
The CVE concerns the WordPress plugin Menu Icons by ThemeIsle (versions up to and including 0.13.20). It describes a Stored Cross-Site Scripting vulnerability via the _wp_attachment_image_alt post meta caused by insufficient input sanitization and output escaping. Exploitation requires authentica...
CVE-2024-30235
Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2024-31301
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
CVE-2023-33927
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19...
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter vulnerability discovered by Ankit Patel in WordPress Plugin Orbit Fox by ThemeIsle versions <= 2.10.43...
CVE-2023-39920 WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Redirection for Contact Form 7: from n/a through <= 2.9.2...
CVE-2024-47325
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7...
CVE-2024-35728
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion. This issue affects PPOM for WooCommerce: from n/a through 32.0.20...
WordPress Menu Icons by ThemeIsle plugin <= 0.13.13 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload vulnerability discovered by wesley wcraft in WordPress Plugin Menu Icons by ThemeIsle versions <= 0.13.13...
CVE-2024-31301
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...
PT-2024-23281 · Themeisle · Multiple Page Generator Plugin
Name of the Vulnerable Software and Affected Versions: Multiple Page Generator Plugin – MPG versions 3.4.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Themeisle Multiple Page Generator Plugin – MPG. This vulnerability allows unauthorized access du...
CVE-2024-1499
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-2126 Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Registration Form Widget
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Plugin Orbit Fox by ThemeIsle Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-0508
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possib...
WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.26 is vulnerable to Cross Site Scripting (XSS)
Software: Orbit Fox by ThemeIsle; Type: Plugin; Vulnerable versions: <= 2.10.26; Fixed in: 2.10.27; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6781; Patch priority: Low; CVSS severity: Low (6.5); PSID: fb89b560bda8; Credits: Nex Team...
CVE-2023-33927
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19...