WordPress Tiger Premium theme <= 101.2.1 - Authenticated (Subscriber+) Privilege Escalation vulnerability
Authenticated (Subscriber+) Privilege Escalation vulnerability discovered by István Márton - Wordfence in WordPress Theme Tiger versions <= 101.2.1...
WordPress Tiger Premium theme <= 101.2.1 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by シルAsuna in WordPress Theme Tiger versions <= 101.2.1...
WordPress plugin Alone Theme security vulnerability
The WordPress Alone Theme plugin is a premium theme for creating photography-based websites that sells close to 10,000 copies in the Envato marketplace and is mainly used by non-profit organizations, e.g. charities, fundraising organizations, etc. The WordPress Alone Theme plugin suffers from a code...
CVE-2022-1951
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected...
CVE-2022-45352 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1...
CVE-2022-45351 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1...
Adifier (Premium Theme) < 3.1.4 - Reflected Cross-Site Scripting
Description: The Adifier Premium Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-45363 WordPress Betheme premium theme <= 26.6.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to post title change discovered by Dave Jong (Patchstack) in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dave Jong in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to private post/page title disclosure discovered by Dave Jong (Patchstack) in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to a settings change in the plugin specific to this theme, discovered by Dave Jong (Patchstack) in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to post/page status change to draft or published discovered by Dave Jong (Patchstack) in the WordPress Betheme premium theme versions <= 26.6.1. Solution: Update the WordPress Betheme theme to the latest available version (at least 26.6.3)...
CVE-2022-41788
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress...
CVE-2022-41788
The CVE-2022-41788 issue affects the Soledad premium theme for WordPress (versions ≤ 8.2.5). It is an authenticated XSS vulnerability exploitable by users with subscriber-level access or higher, caused by insufficient sanitisation/escaping of a parameter. A fix is available: upgrade the Soledad t...
CVE-2022-41788 WordPress Soledad premium theme <= 8.2.5 - Auth. Cross-Site Scripting (XSS) vulnerability
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress...
PT-2022-26073 · WordPress · Soledad
Name of the Vulnerable Software and Affected Versions: Soledad premium theme version 8.2.5 and earlier. Description: A Cross-Site Scripting (XSS) issue affects the Soledad premium theme on WordPress, specifically for users with subscriber or higher authentication. This issue allows for malicious...
WordPress Soledad premium theme <= 8.2.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dave Jong (Patchstack) in the WordPress Soledad premium theme versions <= 8.2.5. Solution: Update the WordPress Soledad theme to the latest available version (at least 8.2.6)...