4 matches found
CVE-2025-69003
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through = 2.2.0...
PT-2026-4120
Name of the Vulnerable Software and Affected Versions QantumThemes KenthaRadio versions through 2.2.0 Description A flaw exists in QantumThemes KenthaRadio that allows for Reflected Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The...
Server side request forgery (ssrf)
The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will have the web server fetch and display the content from any URI, this would allow for SSRF Server...
CVE-2021-24472
Affected software: OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2. Root cause: exposed proxy functionality to unauthenticated users that fetches content from any URI, enabling SSRF and RFI. Impact: potential remote inclusion and server-side request forgery ...