Lucene search
K

269 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.7 views

CVE-2024-7778

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

6.4CVSS5.8AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:47 a.m.6 views

CVE-2024-4635

The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addmimetype’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level...

6.4CVSS5.8AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:43 a.m.13 views

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

5.3CVSS7AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.7 views

CVE-2024-35682

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11...

5.3CVSS6.8AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:3 a.m.6 views

CVE-2024-51671

Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through = 3.0.3...

2.7CVSS5.9AI score0.00464EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:44 a.m.5 views

CVE-2024-37467

Cross-Site Request Forgery CSRF vulnerability in themeisle Hestia hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through = 3.1.2...

4.3CVSS5.9AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:38 a.m.9 views

CVE-2024-31301

Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0...

8.8CVSS8.6AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.9 views

CVE-2023-47529

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2...

7.5CVSS7.7AI score0.00972EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:12 a.m.16 views

CVE-2023-23708

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin = 3.9.4 versions...

6.5CVSS5.6AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.8 views

CVE-2023-33927

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19...

9.8CVSS8.9AI score0.00675EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:44 a.m.9 views

CVE-2023-39920

Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through = 2.9.2...

7.5CVSS7.3AI score0.00608EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:7 a.m.7 views

CVE-2022-46848

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin = 3.9.1 versions...

6.5CVSS5.6AI score0.00508EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:51 p.m.8 views

CVE-2022-47143

Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin = 3.3.9 versions...

8.8CVSS7.1AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.10 views

CVE-2021-24157

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfilteredhtml capability prior to saving the script tags, thus allowing lower-level users to inject scripts that could potentially be maliciou...

5.4CVSS6.7AI score0.00687EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/03/29 3:23 p.m.9 views

CVE-2025-22659

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...

6.5CVSS7.2AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 3:15 p.m.11 views

CVE-2025-22659

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...

6.5CVSS0.00265EPSS
Exploits0References1
OSV
OSV
added 2025/03/27 3:15 p.m.3 views

CVE-2025-22659

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through 2.10.44...

5.4CVSS9.2AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2025/03/27 3:1 p.m.50 views

CVE-2025-22659

CVE-2025-22659 concerns the WordPress Orbit Fox plugin by ThemeIsle (

6.5CVSS7.2AI score0.00265EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/27 3:1 p.m.5 views

CVE-2025-22659 WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...

6.5CVSS7.2AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/27 3:1 p.m.16 views

CVE-2025-22659 WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through = 2.10.44...

6.5CVSS0.00265EPSS
Exploits0References1
Rows per page
Query Builder