512 matches found
CVE-2024-13656
The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.6.0. This makes it...
CVE-2024-13653
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...
CVE-2024-13867
CVE-2024-13867 affects Listivo - Classified Ads WordPress Theme. A Reflected Cross-Site Scripting vulnerability exists via the s parameter in all versions up to and including 2.3.67, enabling unauthenticated attackers to inject scripts on pages executed when a user clicks a crafted link. Connecte...
CVE-2024-13346
CVE-2024-13346 affects the Avada Theme for WordPress & WooCommerce (up to version 7.11.13). It enables unauthenticated arbitrary shortcode execution due to improper validation before do_shortcode, potentially allowing code execution via shortcodes. Public exploits exist (example exploit scripts) ...
CVE-2024-13770
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2024-13770 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2024-13770 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...
WordPress Puzzles theme <= 4.2.4 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme Puzzles versions = 4.2.4...
CVE-2024-13769
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'themeoptionsajaxpostaction' AJAX action in all versions up to, and including, 4.2.4. This makes it possible for...
CVE-2024-13653 ZoxPress - The All-In-One WordPress News Theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' function in all versions up to, and including, 2.12.0. This makes it possible fo...
CVE-2024-13769
CVE-2024-13769 – Puzzles theme (WP Magazine / Review with Store WordPress Theme + RTL) Vulnerability: Stored Cross-Site Scripting due to a missing capability check on the theme_options_ajax_post_action AJAX action. Affected versions: all versions up to and including 4.2.4. Impact: Authenticated a...
WordPress ZoxPress theme <= 2.12.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by Lucio Sá in WordPress Theme ZoxPress versions = 2.12.0...
CVE-2024-13529
The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialvsenddownloadfile' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers...
CVE-2022-1657
Vulnerable versions of the Jupiter = 6.10.1 and JupiterX = 2.0.6 Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterxcploadpaneaction AJAX action present in the...
CVE-2024-7435
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...
CVE-2024-3807
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'portopageheadershortcodetype', 'slideshowtype' and 'postlayout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to...
CVE-2024-11289
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penciarchivemorepostajaxfunc, pencimorepostajaxfunc, and pencimorefeaturedpostajaxfunc. This makes it possible for unauthenticated attackers to include and...
CVE-2024-11349
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...
CVE-2024-13545
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This...
CVE-2024-13529 SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download
The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialvsenddownloadfile' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers...