Lucene search
K

30 matches found

Prion
Prion
added 2022/02/04 11:15 p.m.25 views

Design/Logic Flaw

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

4.3CVSS6.2AI score0.70511EPSS
Exploits3References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2022/01/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS6.5AI score0.70511EPSS
Exploits3References1
Exploit DB
Exploit DB
added 2016/06/06 12:0 a.m.39 views

WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting

Vendor Homepage: http://bridge.qodeinteractive.com/ Software Link: http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054 Version: 9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Stored XSS, Ability to overwrite any theme settings. Time line: Found 23-Apr-2016, Vendor...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2014/10/13 6:0 p.m.31 views

CVE-2014-8746

Cross-site scripting XSS vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...

5.2AI score0.00946EPSS
Exploits0References4
Prion
Prion
added 2014/10/08 6:55 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...

3.5CVSS5.6AI score0.00946EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2014/10/08 6:55 p.m.21 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skiplinktext setting and unspecified...

3.5CVSS5.8AI score0.00946EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/10/08 6:0 p.m.26 views

CVE-2014-7979

Cross-site scripting XSS vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...

5.2AI score0.00946EPSS
Exploits0References5
Cvelist
Cvelist
added 2014/10/08 6:0 p.m.27 views

CVE-2014-7978

Cross-site scripting XSS vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings...

5.2AI score0.00946EPSS
Exploits0References5
Drupal
Drupal
added 2014/04/30 12:0 a.m.24 views

SA-CONTRIB-2014-047 - Zen - Cross Site Scripting

The Zen theme is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. The theme does not properly sanitize theme settings before they are used in the output of a page. Themes that have copied code from Zen's template.php may suffer from this same issue. If you...

3.5CVSS5.8AI score0.00946EPSS
Exploits0References10
Prion
Prion
added 2007/02/06 7:28 p.m.14 views

Remote file inclusion

PHP remote file inclusion vulnerability in theme/settings.php in bluevirus-design SMA-DB 0.3.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pfadz parameter...

7.5CVSS8AI score0.03279EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder