Lucene search
K

33 matches found

Positive Technologies
Positive Technologies
added 2025/04/19 12:0 a.m.7 views

PT-2025-17353 · WordPress · Aihub

Name of the Vulnerable Software and Affected Versions: AIHub theme for WordPress versions up to, and including, 1.3.7 Description: The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate image function. This makes it possible for...

9.8CVSS9.6AI score0.00871EPSS
Exploits0References10
NVD
NVD
added 2025/03/19 9:15 a.m.4 views

CVE-2024-13790

The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8CVSS0.0071EPSS
Exploits0References3
CVE
CVE
added 2025/03/14 11:15 a.m.50 views

CVE-2024-12810

CVE-2024-12810 applies to the JobCareer WordPress Theme (

8.8CVSS8.4AI score0.00315EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/03/07 7:15 a.m.9 views

CVE-2024-13655

The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.5.2. This makes it possible f...

8.1CVSS0.00312EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/18 11:10 a.m.8 views

CVE-2024-13797 PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS7.7AI score0.00502EPSS
Exploits0References2
Wordfence Blog
Wordfence Blog
added 2025/02/13 3:34 p.m.48 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 3, 2025 to February 9, 2025)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.8CVSS9.8AI score0.00775EPSS
Exploits27
Vulnrichment
Vulnrichment
added 2024/10/01 7:30 a.m.14 views

CVE-2024-7432 Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection

The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

8.8CVSS7.2AI score0.00606EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.12 views

Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

6.4AI score0.00193EPSS
Exploits2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/21 12:0 a.m.6 views

CVE-2023-26265

The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borgpreprocesspage in the file template.php does not properly sanitize incoming path arguments before using them...

5.2AI score0.00578EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/08/09 12:0 a.m.6 views

PT-2021-16022 · WordPress · Workreap

Name of the Vulnerable Software and Affected Versions: Workreap WordPress theme versions prior to 2.2.2 Description: The issue allows an attacker to trick a logged-in user into submitting a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site...

8.1CVSS8.1AI score0.00646EPSS
Exploits2References4
NVD
NVD
added 2021/07/06 11:15 a.m.13 views

CVE-2021-24387

The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ctcommunity parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context...

6.1CVSS0.03677EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/06/30 12:0 a.m.25 views

Newspaper < 11 - Reflected Cross-Site Scripting (XSS)

Description The theme does not sanitise the tdatts.modulescategory parameter in its tdajaxsearch AJAX action, leading to a Reflected Cross-Site Scripting XSS vulnerability. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate...

6.1CVSS6AI score0.00828EPSS
Exploits1
Drupal
Drupal
added 2018/05/23 12:0 a.m.6 views

Corporate Site - Critical - Unsupported - SA-CONTRIB-2018-032

The security team is marking this theme unsupported. There is a known security issue with the theme that has not been fixed by the maintainer. If you would like to maintain this theme, please read: https://www.drupal.org/node/251466. The security team marks all unsupported themes and modules...

7.2AI score
Exploits0References2
Rows per page
Query Builder