56 matches found
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...
CVE-2023-25961
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Catch Themes Darcie theme = 1.1.5 versions...
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
EUVD-2025-202101
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543 WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
PT-2025-49919
Name of the Vulnerable Software and Affected Versions Catch Themes Essential Widgets versions through 2.2.2 Description A flaw exists in Catch Themes Essential Widgets that allows for Stored Cross-site Scripting XSS. This issue occurs due to improper neutralization of input during web page...
EUVD-2024-40792
Malicious code in bioql PyPI...
EUVD-2023-29848
Malicious code in bioql PyPI...
EUVD-2025-9853
Malicious code in bioql PyPI...
EUVD-2024-42392
Malicious code in bioql PyPI...
CVE-2024-47356
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through = 2.9.1...
CVE-2024-44010
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...
CVE-2025-23619
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS.This issue affects Catch Duplicate Switcher: from n/a through = 2.0...
CVE-2024-44010
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Full frame allows Stored XSS.This issue affects Full frame: from n/a through 2.7.2...
CVE-2024-44010 WordPress Full frame theme <= 2.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...
CVE-2024-47313
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Catch Base allows Stored XSS.This issue affects Catch Base: from n/a through 3.4.6...
CVE-2024-47313
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through = 3.4.6...
CVE-2024-47313
CVE-2024-47313: WordPress Catch Base theme