Lucene search
K

68 matches found

vulnrichment
vulnrichment
added 2025/03/03 1:30 p.m.7 views

CVE-2025-25121 WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Theme Options Z allows Stored XSS. This issue affects Theme Options Z: from n/a through 1.4...

7.1CVSS7AI score0.00178EPSS
Exploits0References1
cve
cve
added 2025/03/03 1:30 p.m.52 views

CVE-2025-25121

CVE-2025-25121 is linked to the WordPress Theme Options Z plugin and is documented as a Cross-Site Forgery (CSRF) vulnerability affecting Theme Options Z versions up to 1.4. The connected sources (Red Hat, NVD, CVE listings) indicate a CSRF issue, with related mentions of possible downstream impa...

7.1CVSS7.2AI score0.00178EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/03 1:30 p.m.15 views

CVE-2025-25121 WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through = 1.4...

7.1CVSS0.00178EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/03 1:30 p.m.3 views

CVE-2025-23473 WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Killer Theme Options allows Reflected XSS. This issue affects Killer Theme Options: from n/a through 2.0...

7.1CVSS7.1AI score0.00262EPSS
Exploits0References1
cvelist
cvelist
added 2025/03/03 1:30 p.m.13 views

CVE-2025-23473 WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Punit Bhalodiya Killer Theme Options killer-theme-options allows Reflected XSS.This issue affects Killer Theme Options: from n/a through = 2.0...

7.1CVSS0.00262EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/03/03 12:0 a.m.1 views

WordPress plugin Theme Options Z 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS8.2AI score0.00178EPSS
Exploits0References3
patchstack
patchstack
added 2025/02/03 4:12 p.m.6 views

WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin Theme Options Z versions = 1.4...

7.1CVSS7AI score0.00178EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2025/01/16 6:41 p.m.3 views

WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Killer Theme Options versions = 2.0...

7.1CVSS6.1AI score0.00262EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.4 views

WordPress Theme Fruitful 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Fruitful version 3.8.1 and prior...

6.4CVSS5.4AI score0.005EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/11/15 9:15 p.m.3 views

CVE-2022-43279

LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php...

7.2CVSS5.8AI score0.0086EPSS
Exploits1References3
cnnvd
cnnvd
added 2022/11/15 12:0 a.m.4 views

LimeSurvey SQL注入漏洞

LimeSurvey formerly known as PHPSurveyor is a set of open source online questionnaire survey program by Limesurvey team, which supports survey program development, questionnaire publishing and data collection. A SQL injection vulnerability exists in LimeSurvey v5.4.4, which stems from the discove...

7.2CVSS7.2AI score0.0086EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2022/11/15 12:0 a.m.4 views

PT-2022-26825 · Unknown · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 5.0.4 Description: A SQL injection issue was found in the component /application/views/themeOptions/update.php. Recommendations: For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue...

7.2CVSS7.9AI score0.0086EPSS
Exploits1References5
cnnvd
cnnvd
added 2022/08/08 12:0 a.m.6 views

WordPress theme Discy 访问控制错误漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. An Access Control Error vulnerability exists in WordPress theme Discy prior to version 5.0, which ste...

6.5CVSS6.5AI score0.00623EPSS
Exploits2References2
cnnvd
cnnvd
added 2022/08/08 12:0 a.m.57 views

WordPress Plugin Discy 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

4.9CVSS5.5AI score0.00764EPSS
Exploits2References3
wpexploit
wpexploit
added 2022/02/21 12:0 a.m.146 views

Simple Theme Options < 1.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of textarea field settings of the plugin such as 'Google Analytics': " T...

4.8CVSS0.1AI score0.00612EPSS
Exploits2
patchstack
patchstack
added 2022/02/21 12:0 a.m.16 views

WordPress Simple Theme Options plugin <= 1.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Simple Theme Options plugin versions = 1.6. Solution Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.5AI score0.00612EPSS
Exploits2References3Affected Software1
patchstack
patchstack
added 2021/03/13 12:0 a.m.8 views

WordPress Fruitful theme <= 3.8.1 - Authenticated Theme Options Deletion vulnerability

Authenticated Theme Options Deletion vulnerability discovered by NinTechNet in WordPress Fruitful theme versions = 3.8.1. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.2...

2.8AI score
Exploits0References2Affected Software1
wpvulndb
wpvulndb
added 2020/03/13 12:0 a.m.13 views

Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion

The lack of capability and nonce checks in the fruitfuldatasave ajax call could allow attacker to perform stored XSS attack using a low privilege account. "Three other AJAX actions that should be accessible to the administrator only are accessible to any authenticated users: fruitfulresetbtn: thi...

3AI score
Exploits0References1Affected Software1
zdt
zdt
added 2020/02/18 12:0 a.m.309 views

WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Category : Webapps Software Link:...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2020/02/17 12:0 a.m.172 views

WordPress Fruitful 3.8 Cross Site Scripting

Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip Vendo...

0.1AI score
Exploits0
Rows per page
Query Builder