19 matches found

RedhatCVE
added 2026/05/04 8:21 p.m. · 1 views

CVE-2026-5077

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

CVSS 5.4 · AI score 6 · EPSS 0.00034
Exploits: 0 · References: 1
Vulnrichment
added 2026/05/02 9:26 a.m. · 1 views

CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

CVSS 5.4 · AI score 6 · EPSS 0.00034
Exploits: 0 · References: 2
CVE
added 2026/05/02 9:26 a.m. · 2 views

CVE-2026-5077

The CVE-2026-5077 entry affects the WordPress Total theme. Vulnerable component: rendering of the_title() inside HTML attribute context in the Home Page blog section template. Root cause: insufficient output escaping in post titles, allowing Stored XSS. Impact: authenticated attackers with contri...

CVSS 5.4 · AI score 6 · EPSS 0.00034
Exploits: 0 · References: 2
Cvelist
added 2026/05/02 9:26 a.m. · 27 views

CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

CVSS 5.4 · EPSS 0.00034
Exploits: 0 · References: 2
ATTACKERKB
added 2026/05/02 9:26 a.m. · 1 views

CVE-2026-5077

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering the_title inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

CVSS 5.4 · AI score 6 · EPSS 0.00034
Exploits: 0 · References: 3
Positive Technologies
added 2026/05/02 12:0 a.m. · 3 views

PT-2026-36597

Name of the Vulnerable Software and Affected Versions: Total theme for WordPress versions prior to 2.2.2 Description: Stored Cross-Site Scripting is possible via post titles due to insufficient output escaping when rendering the the_title function inside HTML attribute context in the home blog...

CVSS 5.4 · AI score 6 · EPSS 0.00034
Exploits: 0 · References: 5
Patchstack
added 2026/05/01 8:29 p.m. · 2 views

WordPress Total theme <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Theme Total versions <= 2.2.1...

CVSS 5.4 · AI score 5.8 · EPSS 0.00034
Exploits: 0 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/23 9:58 a.m. · 6 views

CVE-2024-1771

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVSS 4.3 · AI score 6.4 · EPSS 0.0008
Exploits: 0 · References: 1
Cvelist
added 2024/12/13 2:23 p.m. · 16 views

CVE-2023-27456 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19...

CVSS 4.3 · EPSS 0.00125
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/13 2:23 p.m. · 9 views

CVE-2023-27456 WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation

Missing Authorization vulnerability in hashthemes Total total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through <= 2.1.19...

CVSS 4.3 · AI score 7.3 · EPSS 0.00125
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/13 12:0 a.m. · 1 views

PT-2024-12133 · Unknown · Total Theme

Name of the Vulnerable Software and Affected Versions: Total versions prior to 2.1.19 Description: The issue allows authenticated users to activate arbitrary plugins due to missing authorization, exploiting incorrectly configured access control security levels. Recommendations: Update to Total...

CVSS 4.3 · AI score 8.8 · EPSS 0.00125
Exploits: 0 · References: 13
NVD
added 2024/03/06 6:15 a.m. · 12 views

CVE-2024-1771

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVSS 4.3 · AI score 5 · EPSS 0.0008
Exploits: 0 · References: 3
Prion
added 2024/03/06 6:15 a.m. · 18 views

Design/Logic Flaw

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVSS 5 · AI score 5 · EPSS 0.0008
Exploits: 0 · References: 3
CVE
added 2024/03/06 5:33 a.m. · 67 views

CVE-2024-1771

CVE-2024-1771 affects the WordPress Total theme up to version 2.1.59. Root cause: missing capability check in total_order_sections(), enabling authenticated users with subscriber+ access to modify homepage sections. Impact: unauthorized modification of data on the homepage. Mitigation: upgrade to...

CVSS 4.3 · AI score 5.3 · EPSS 0.0008
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/03/06 5:33 a.m. · 12 views

CVE-2024-1771 Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVSS 4.3 · AI score 6.7 · EPSS 0.0008
Exploits: 0 · References: 3
Cvelist
added 2024/03/06 5:33 a.m. · 19 views

CVE-2024-1771 Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

CVSS 4.3 · AI score 5.2 · EPSS 0.0008
Exploits: 0 · References: 3
Patchstack
added 2024/03/06 12:0 a.m. · 9 views

WordPress Total Theme <= 2.1.59 is vulnerable to Broken Access Control

Software: Total; Type: Theme; Vulnerable versions: <= 2.1.59; Fixed in: 2.1.60; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1771; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: 28437cd16373; Credits: Krzysztof Zając; Required privilege...

CVSS 5.3 · AI score 6.9 · EPSS 0.0008
Exploits: 0 · References: 3 · Affected Software: 1
WPVulnDB
added 2024/03/05 12:0 a.m. · 14 views

Total < 2.1.60 - Missing Authorization to Authenticated (Subscriber+) Sections Update

Description: The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and abov...

CVSS 5.3 · AI score 5.4 · EPSS 0.0008
Exploits: 0 · References: 1
Patchstack
added 2023/03/01 12:0 a.m. · 6 views

WordPress Total Theme <= 2.1.19 is vulnerable to Broken Authentication

Software: Total; Type: Theme; Vulnerable versions: <= 2.1.19; Fixed in: 2.1.20; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2023-27456; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 9519255e632c; Credits: Dave Jong Patchstack; Required...

AI score 6.8 · EPSS 0.00125
Exploits: 0 · References: 2 · Affected Software: 1