CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CVE•added 2026/03/25 4:14 p.m.•7 views

CVE-2026-24974

CVE-2026-24974 concerns the CitiLights WordPress Theme (noo-citilights) vulnerability: Deserialization of untrusted data enabling PHP object injection. Affected software: CitiLights Real Estate WordPress Theme (noo-citilights) versions up to and including 3.7.1. The issue is authenticated (Subscr...

8.8CVSS5.8AI score0.00071EPSS

Exploits0References1

Cvelist•added 2026/03/25 4:14 p.m.•25 views

CVE-2026-24973 WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NooTheme CitiLights noo-citilights allows Reflected XSS.This issue affects CitiLights: from n/a through = 3.7.1...

7.1CVSS0.00045EPSS

Exploits0References1

Vulnrichment•added 2026/03/25 4:14 p.m.•2 views

CVE-2026-24973 WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS5.8AI score0.00045EPSS

Exploits0References1

CVE•added 2026/03/25 4:14 p.m.•8 views

CVE-2026-24973

CVE-2026-24973 affects CitiLights (NooTheme) on WordPress: Reflected XSS in noo-citilights up to v3.7.1. Root cause is improper input neutralization during web page generation. Wordfence notes it as patched; remediation is available (no public details on exact patched version in provided sources).

7.1CVSS5.8AI score0.00045EPSS

Exploits0References1

Patchstack•added 2026/03/16 6:22 a.m.•6 views

WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...

8.8CVSS5.8AI score0.00071EPSS

Exploits0Affected Software1

Patchstack•added 2026/03/16 6:21 a.m.•4 views

WordPress CitiLights theme <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...

7.1CVSS5.8AI score0.00045EPSS

Exploits0Affected Software1

Vulnrichment•added 2026/02/19 8:26 a.m.•3 views

CVE-2026-25367 WordPress CitiLights theme < 3.7.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in NooTheme CitiLights noo-citilights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CitiLights: from n/a through 3.7.2...

5.3CVSS5.5AI score0.00014EPSS

Exploits0References1

Patchstack•added 2026/02/16 1:48 p.m.•6 views

WordPress CitiLights theme < 3.7.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme CitiLights versions 3.7.2...

5.3CVSS5.4AI score0.00014EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by