Lucene search
+L

512 matches found

Cvelist
Cvelist
added 2025/03/05 9:21 a.m.18 views

CVE-2024-13787 VEDA - MultiPurpose WordPress Theme <= 4.2 - Authenticated (Subscriber+) PHP Object Injection

The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'vedabackupandrestoreaction' function. This makes it possible for authenticated attackers, with Subscriber-leve...

9.8CVSS0.00613EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/05 9:21 a.m.11 views

CVE-2024-13811 Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme <= 4.5.7 - Missing Authorization to Authenticated (Subscriber+) Demo Import

The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaimportlafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attacker...

4.3CVSS0.00221EPSS
Exploits0References2
CVE
CVE
added 2025/03/05 9:21 a.m.44 views

CVE-2024-13811

CVE-2024-13811 concerns the Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme for WordPress (versions

4.3CVSS6.7AI score0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/05 8:21 a.m.26 views

CVE-2024-8682 JNews - WordPress Newspaper Magazine Blog AMP Theme <= 11.6.6 - Unauthorized User Registration

The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validate if the user can register option is enabled prior to creating a user though the...

5.3CVSS0.00258EPSS
Exploits1References2
CVE
CVE
added 2025/03/05 8:21 a.m.80 views

CVE-2024-8682

CVE-2024-8682 affects JNews theme for WordPress (versions up to and including 11.6.6). The vulnerability allows unauthenticated users to register as site users because register_handler() does not adequately validate if user registration is enabled before creating a user. Impact is unauthorized us...

5.3CVSS7AI score0.00258EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/04 4:26 a.m.26 views

CVE-2025-1307 Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload

The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

9.8CVSS0.01977EPSS
Exploits2References3
CVE
CVE
added 2025/02/27 11:22 p.m.102 views

CVE-2024-12811

The CVE CVE-2024-12811 affects the Traveler WordPress theme (versions up to 3.1.8). It describes an authenticated Local File Inclusion via the hotel_alone_slider shortcode’s style attribute, enabling an attacker with contributor+ permissions to include arbitrary server files and execute PHP code....

8.8CVSS7.8AI score0.00697EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/27 10:28 a.m.28 views

CVE-2024-13693

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive...

5.3CVSS6.3AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2025/02/27 9:15 a.m.8 views

CVE-2025-1282

The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletepostphoto and addcar functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers,...

8.8CVSS0.01025EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/27 8:22 a.m.19 views

CVE-2025-1282 Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read

The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletepostphoto and addcar functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers,...

8.8CVSS0.01025EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/25 9:21 a.m.12 views

CVE-2024-13693 Enfold <= 6.0.9 - Missing Authorization to Sensitive Information Disclosure in avia-export-class.php

The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings which may included sensitive...

5.3CVSS5.1AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2025/02/25 9:21 a.m.108 views

CVE-2024-13693

CVE-2024-13693 affects the Enfold WordPress theme (versions

5.3CVSS6.5AI score0.00307EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/02/24 11:44 p.m.8 views

WordPress Enfold theme <= 6.0.9 - Authenticated (Subscriber+) Server-Side Request Forgery via attachment_id vulnerability

Authenticated Subscriber+ Server-Side Request Forgery via attachmentid vulnerability discovered by mikemyers in WordPress Theme Enfold versions = 6.0.9...

6.4CVSS7.1AI score0.00237EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/02/18 7:53 p.m.81 views

CVE-2025-27013

CVE-2025-27013 affects MediCenter - Health Medical Clinic WordPress Theme (MediCenter). Described as a Missing Authorization vulnerability, with CVSS v3.1 base score 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Wordfence documentation confirms the affected software and labels the issue as Missing A...

5.3CVSS7.2AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2025/02/18 11:15 a.m.38 views

CVE-2024-13667

The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mle-description’ parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level acces...

5.4CVSS0.00237EPSS
Exploits0References2
CVE
CVE
added 2025/02/18 11:10 a.m.59 views

CVE-2024-13681

CVE-2024-13681 affects the WordPress theme Uncode. The vulnerability is an unauthenticated arbitrary file read due to insufficient input validation in the uncode_admin_get_oembed function, affecting all versions up to 2.9.1.6. Patch/mitigation: upgrade to Uncode 2.9.1.6 or apply the vendor fix th...

7.5CVSS7AI score0.00605EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/18 11:10 a.m.8 views

CVE-2024-13681 Uncode <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed

The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncodeadmingetoembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server...

7.5CVSS7AI score0.00605EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/18 11:10 a.m.8 views

CVE-2024-13797 PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution

The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running...

7.3CVSS7.7AI score0.00539EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/15 7:23 a.m.38 views

CVE-2024-13346

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...

9.8CVSS9.6AI score0.02258EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/15 4:23 a.m.9 views

CVE-2025-0837

The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and...

6.4CVSS7.4AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder