16 matches found
CVE-2025-13680
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-setrole function. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-13675
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrato...
EUVD-2025-199800
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrato...
CVE-2025-13680
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-setrole function. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-13675
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the 'paypal-submit.php' file not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrato...
CVE-2025-13675
CVE-2025-13675 affects the Tiger WordPress Theme (pre-101.2.2; WordPress Tiger 101.2.1 and earlier). The root cause is in paypal-submit.php, which does not restrict registration roles, allowing unauthenticated attackers to set administrator during signup. Impact is unauthenticated privilege escal...
CVE-2025-13680 Tiger <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-setrole function. This makes it possible for authenticated attackers, with Subscriber-level access...
PT-2025-48230
Name of the Vulnerable Software and Affected Versions Tiger theme for WordPress versions prior to 101.2.2 Description The Tiger theme for WordPress is susceptible to a privilege escalation issue. The paypal-submit.php file does not properly restrict user roles during registration. This allows...
PT-2025-48231
The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user-set role function. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-31027 WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through = 2.0...
CVE-2025-31027 WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0...
CVE-2025-31407
CVE-2025-31407 affects the Tiger software (up to version 2.0). The connected data indicates an authenticated (Subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Tiger, caused by improper input neutralization during web page generation. The CVSS v3.1 base metrics are: Score 6.5 (Mediu...
CVE-2025-31407 WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0...
CVE-2025-31407 WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hutsixdigital Tiger allows Stored XSS.This issue affects Tiger: from n/a through 2.0...
WordPress Tiger theme <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Theme Tiger versions = 2.0...
WordPress Tiger theme <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Theme Tiger versions = 2.0...