WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Elessi versions 6.4.1...

WordPress Elessi Theme < 6.4.1 is vulnerable to Local File Inclusion

Software Elessi Type Theme Vulnerable versions 6.4.1 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-49070 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 75ce19994f60 Credits Phat RiO - BlueRock Required privilege Subscriber...

WordPress Elessi theme <= 6.3.9 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Elessi versions = 6.3.9...

WordPress Elessi Theme <= 6.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Elessi Type Theme Vulnerable versions = 6.3.9 Fixed in 6.4.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-49873 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 21ece639e9c8 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...