Lucene search
+L

512 matches found

RedhatCVE
RedhatCVE
added 2025/02/14 4:27 a.m.5 views

CVE-2024-13656

The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.6.0. This makes it...

8.1CVSS9AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 4:25 a.m.9 views

CVE-2024-13653

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...

8.8CVSS7.3AI score0.005EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 9:21 a.m.87 views

CVE-2024-13867

CVE-2024-13867 affects Listivo - Classified Ads WordPress Theme. A Reflected Cross-Site Scripting vulnerability exists via the s parameter in all versions up to and including 2.3.67, enabling unauthenticated attackers to inject scripts on pages executed when a user clicks a crafted link. Connecte...

6.1CVSS6.5AI score0.0027EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/02/13 6:58 a.m.137 views

CVE-2024-13346

CVE-2024-13346 affects the Avada Theme for WordPress & WooCommerce (up to version 7.11.13). It enables unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode, potentially allowing code execution via shortcodes. Public exploits exist (example exploit scripts) ...

9.8CVSS7.7AI score0.02258EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/02/13 5:15 a.m.35 views

CVE-2024-13770

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...

9.8CVSS0.00811EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/13 4:21 a.m.12 views

CVE-2024-13770 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...

8.1CVSS7.6AI score0.00811EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/13 4:21 a.m.28 views

CVE-2024-13770 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...

8.1CVSS0.00811EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/02/12 9:15 p.m.6 views

WordPress Puzzles theme <= 4.2.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme Puzzles versions = 4.2.4...

9.8CVSS7.3AI score0.00811EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/02/12 5:15 a.m.40 views

CVE-2024-13769

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'themeoptionsajaxpostaction' AJAX action in all versions up to, and including, 4.2.4. This makes it possible for...

6.4CVSS0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/12 4:22 a.m.9 views

CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' function in all versions up to, and including, 2.12.0. This makes it possible fo...

8.8CVSS8.8AI score0.005EPSS
Exploits0References2
CVE
CVE
added 2025/02/12 4:22 a.m.60 views

CVE-2024-13769

CVE-2024-13769 – Puzzles theme (WP Magazine / Review with Store WordPress Theme + RTL) Vulnerability: Stored Cross-Site Scripting due to a missing capability check on the theme_options_ajax_post_action AJAX action. Affected versions: all versions up to and including 4.2.4. Impact: Authenticated a...

6.4CVSS5.8AI score0.00291EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/02/11 10:13 p.m.6 views

WordPress ZoxPress theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Theme ZoxPress versions = 2.12.0...

8.8CVSS7AI score0.005EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/07 5:51 p.m.4 views

CVE-2024-13529

The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialvsenddownloadfile' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers...

6.5CVSS6.5AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:1 p.m.12 views

CVE-2022-1657

Vulnerable versions of the Jupiter = 6.10.1 and JupiterX = 2.0.6 Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the...

8.8CVSS6.6AI score0.01624EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:58 a.m.9 views

CVE-2024-7435

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...

8.8CVSS7AI score0.00707EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:0 a.m.13 views

CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'portopageheadershortcodetype', 'slideshowtype' and 'postlayout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...

8.8CVSS7.5AI score0.01538EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:45 a.m.7 views

CVE-2024-11289

The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penciarchivemorepostajaxfunc, pencimorepostajaxfunc, and pencimorefeaturedpostajaxfunc. This makes it possible for unauthenticated attackers to include and...

8.1CVSS7.6AI score0.00675EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:35 a.m.7 views

CVE-2024-11349

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...

9.8CVSS7.3AI score0.01229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:53 p.m.12 views

CVE-2024-13545

The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This...

9.8CVSS7.8AI score0.01257EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/04 9:21 a.m.16 views

CVE-2024-13529 SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download

The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialvsenddownloadfile' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers...

6.5CVSS0.00373EPSS
Exploits0References3
Rows per page
Query Builder