32 matches found
CVE-2026-5293
The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2026-5293 診断ジェネレータ作成プラグイン <= 1.4.16 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'js' Parameter
The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
PT-2026-42057
The 診断ジェネレータ作成プラグイン (Diagnosis Generator) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'js' parameter in versions up to and including 1.4.16. This is due to missing authorization checks and insufficient input sanitization in the themeFunc function. The function is hooke...
CVE-2026-3772
The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...
CVE-2026-3772
The CVE-2026-3772 entry concerns the WP Editor WordPress plugin. A CSRF vulnerability exists in all versions up to and including 1.2.9.2 due to missing nonce verification in the add_plugins_page and add_themes_page functions. This can allow unauthenticated attackers to overwrite arbitrary plugin ...
CVE-2026-29179 October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations
October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
PluXml Security Vulnerability
PluXml is a free, open-source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version 5.8.22: an attacker with administrator panel access can inject a malicious PHP webshell into theme...
EUVD-2022-51060
Malicious code in bioql PyPI...
CVE-2025-29420
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function...
CVE-2025-29420
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function...
📄 Ghost CMS Path Traversal
Ghost CMS versions prior to 5.42.1 contain a path traversal vulnerability that allows remote attackers to read arbitrary files within the active theme's folder structure. #!/usr/bin/env python3 # -*- coding: utf-8 -*- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit...
CVE-2022-48361
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources...
Maintenance Switch <= 1.5.2 - Theme Files Creation/Deletion via CSRF
Description: The plugin does not have CSRF checks when creating and deleting theme files as well as resetting settings, which could allow attackers to make logged-in admins perform such actions via CSRF attacks...
PT-2023-5126 · Microsoft · Windows 11 +1
Name of the Vulnerable Software and Affected Versions: Windows 11 (affected versions not specified). Description: The vulnerability is related to insufficient input validation in the Windows Themes component, allowing remote attackers to execute arbitrary code on the system. This can occur when a us...
CVE-2022-48361
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources...
CVE-2022-48361
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources...
Path traversal
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources...
PT-2023-15739 · Unknown · Always On Display
Name of the Vulnerable Software and Affected Versions: Always On Display (AOD) (affected versions not specified). Description: The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this issue may cause a failure in reading AOD theme resources...
CVE-2022-48361
The CVE-2022-48361 entry concerns Huawei HarmonyOS AOD, with a path traversal vulnerability in theme files. The issue targets the AOD theme resource handling, where path traversal could lead to a failure to read theme resources. Root cause: path traversal in the theme resource access path. Impact...
CVE-2022-48361
The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources...