6 matches found
CVE-2025-9371 Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title'
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_title’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
PT-2025-27903 · Unknown · Sb Breadcrumbs
Name of the Vulnerable Software and Affected Versions: SB Breadcrumbs versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS in SB Breadcrumbs. Recommendations: For...
CVE-2024-27623
CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs...
PT-2025-15736 · Essential Marketer · Essential Breadcrumbs
Name of the Vulnerable Software and Affected Versions: Essential Breadcrumbs versions 1.1.1 and earlier Description: A Cross-Site Request Forgery (CSRF) issue in Essential Marketer Essential Breadcrumbs allows Privilege Escalation. Recommendations: For Essential Breadcrumbs versions 1.1.1 and...
CVE-2023-3708
Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...
CVE-2023-3708 Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting
Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...