60 matches found
CVE-2026-15336
The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...
EUVD-2026-44855
The Catch Themes Demo Import plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 3.3. This is due to the catchthemesdemoimportactivateplugin function, hooked on admininit when the activateplugin GET parameter is present, calling PluginUpgrader::install to...
CVE-2026-15336
The CVE describes a vulnerability in the Catch Themes Demo Import plugin for WordPress (versions up to and including 3.3). The root cause is in catch_themes_demo_import_activate_plugin(), which is hooked on admin_init when the activate_plugin parameter is present and calls Plugin_Upgrader::instal...
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog ie DISALLOWUNFILTEREDHTML, DISALLOWFILEEDIT and DISALLOWFILEMODS...
CVE-2023-25961
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Catch Themes Darcie theme = 1.1.5 versions...
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
EUVD-2025-202101
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
CVE-2025-67543 WordPress Essential Widgets plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through = 2.2.2...
PT-2025-49919
Name of the Vulnerable Software and Affected Versions Catch Themes Essential Widgets versions through 2.2.2 Description A flaw exists in Catch Themes Essential Widgets that allows for Stored Cross-site Scripting XSS. This issue occurs due to improper neutralization of input during web page...
EUVD-2024-42392
Malicious code in bioql PyPI...
EUVD-2025-9853
Malicious code in bioql PyPI...
EUVD-2023-29848
Malicious code in bioql PyPI...
EUVD-2024-40792
Malicious code in bioql PyPI...
CVE-2024-47356
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through = 2.9.1...
CVE-2024-44010
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...
CVE-2025-23619
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Catch Themes Catch Duplicate Switcher catch-duplicate-switcher allows Reflected XSS.This issue affects Catch Duplicate Switcher: from n/a through = 2.0...
CVE-2024-44010
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Catch Themes Full frame allows Stored XSS.This issue affects Full frame: from n/a through 2.7.2...
CVE-2024-44010 WordPress Full frame theme <= 2.7.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through = 2.7.2...