3 matches found
CVE-2025-0170
creationtimestamp| type| source ---|---|--- 2025-01-16 02:02:40+00:00| seen| https://infosec.exchange/users/cve/statuses/113835570624797124 2025-01-16 02:15:48+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lft7jp72le2t 2025-01-16 02:48:44+00:00| seen|...
CVE-2025-0170 DWT - Directory & Listing WordPress Theme <= 3.3.3 - Reflected Cross-Site Scripting
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sortby' and 'token' parameters. This makes it possible for unauthenticated attackers to inject...
CVE-2025-0170
The CVE-2025-0170 entry documents a Reflected Cross-Site Scripting vulnerability in the DWT - Directory & Listing WordPress Theme (versions up to and including 3.3.3). The root cause is insufficient input sanitization and output escaping on the sort_by and token parameters, enabling unauthenticat...