68 matches found
CVE-2025-25121 WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Theme Options Z allows Stored XSS. This issue affects Theme Options Z: from n/a through 1.4...
CVE-2025-25121
CVE-2025-25121 is linked to the WordPress Theme Options Z plugin and is documented as a Cross-Site Forgery (CSRF) vulnerability affecting Theme Options Z versions up to 1.4. The connected sources (Red Hat, NVD, CVE listings) indicate a CSRF issue, with related mentions of possible downstream impa...
CVE-2025-25121 WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in shyammakwana Theme Options Z theme-options-z allows Cross Site Request Forgery.This issue affects Theme Options Z: from n/a through = 1.4...
CVE-2025-23473 WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NotFound Killer Theme Options allows Reflected XSS. This issue affects Killer Theme Options: from n/a through 2.0...
CVE-2025-23473 WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Punit Bhalodiya Killer Theme Options killer-theme-options allows Reflected XSS.This issue affects Killer Theme Options: from n/a through = 2.0...
WordPress plugin Theme Options Z 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Theme Options Z Plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin Theme Options Z versions = 1.4...
WordPress Killer Theme Options plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Killer Theme Options versions = 2.0...
WordPress Theme Fruitful 跨站脚本漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Fruitful version 3.8.1 and prior...
CVE-2022-43279
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php...
LimeSurvey SQL注入漏洞
LimeSurvey formerly known as PHPSurveyor is a set of open source online questionnaire survey program by Limesurvey team, which supports survey program development, questionnaire publishing and data collection. A SQL injection vulnerability exists in LimeSurvey v5.4.4, which stems from the discove...
PT-2022-26825 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 5.0.4 Description: A SQL injection issue was found in the component /application/views/themeOptions/update.php. Recommendations: For versions prior to 5.0.4, update to version 5.0.4 or later to resolve the issue...
WordPress theme Discy 访问控制错误漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. An Access Control Error vulnerability exists in WordPress theme Discy prior to version 5.0, which ste...
WordPress Plugin Discy 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
Simple Theme Options < 1.7 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in any of textarea field settings of the plugin such as 'Google Analytics': " T...
WordPress Simple Theme Options plugin <= 1.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Simple Theme Options plugin versions = 1.6. Solution Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...
WordPress Fruitful theme <= 3.8.1 - Authenticated Theme Options Deletion vulnerability
Authenticated Theme Options Deletion vulnerability discovered by NinTechNet in WordPress Fruitful theme versions = 3.8.1. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.2...
Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
The lack of capability and nonce checks in the fruitfuldatasave ajax call could allow attacker to perform stored XSS attack using a low privilege account. "Three other AJAX actions that should be accessible to the administrator only are accessible to any authenticated users: fruitfulresetbtn: thi...
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Category : Webapps Software Link:...
WordPress Fruitful 3.8 Cross Site Scripting
Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip Vendo...