Lucene search
+L

512 matches found

Cvelist
Cvelist
added 2025/02/04 9:21 a.m.15 views

CVE-2024-13529 SocialV - Social Network and Community BuddyPress Theme <= 2.0.15 - Missing Authorization to Arbitrary File Download

The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialvsenddownloadfile' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers...

6.5CVSS0.00373EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/03 8:5 p.m.7 views

WordPress OnePress theme <= 2.3.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani Patchstack Alliance in WordPress Theme OnePress versions = 2.3.11...

4.3CVSS7AI score0.00255EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/01/26 12:15 p.m.10 views

CVE-2024-11936

The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated...

8.8CVSS0.0036EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/01/24 12:0 a.m.19 views

WordPress InspiryThemes RealHomes Theme Privilege Escalation Vulnerability (Jan 2025)

The WordPress theme RealHomes by InspiryThemes is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

9.8CVSS7.5AI score0.00647EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/06 1:5 p.m.3 views

WordPress Lestin theme < 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh in WordPress Theme Lestin - Directory Listing WordPress Theme versions 1.2.0...

7.1CVSS8.2AI score0.00184EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/06 12:55 p.m.2 views

WordPress Orgarium theme < 1.1.9 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme Orgarium - Agriculture & Organic Farm WordPress Theme versions 1.1.9...

7.1CVSS6.1AI score0.00184EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/06 12:51 p.m.7 views

WordPress Pisole theme < 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme Pisole - Digital Creative Agency WordPress Theme versions 1.1.0...

7.1CVSS6.1AI score0.00184EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/01/03 3:58 p.m.5 views

WordPress Education LMS theme <= 0.0.7 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Theme Education LMS versions = 0.0.7...

6.5CVSS5.8AI score0.00292EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/01/02 12:0 p.m.40 views

CVE-2024-37441

CVE-2024-37441 is a CSRF vulnerability in DesertThemes NewsMash (WordPress theme). Affected are NewsMash versions n/a through 1.0.34. The issue enables CSRF; connected sources indicate the vulnerability has been patched in NewsMash, but no fixed version is specified in the provided documents. No ...

4.3CVSS5.9AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/01/02 12:0 p.m.43 views

CVE-2024-37435

CVE-2024-37435 describes a Cross-Site Request Forgery (CSRF) in the WordPress theme “Perfect Portfolio.” Affected: Perfect Portfolio versions up to 1.2.0 (listed as from n/a through 1.2.0). Root cause: CSRF enabling unauthorized actions via crafted requests. Impact (per CVSS v3.1 in the sources):...

8.8CVSS5.9AI score0.00207EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/02 12:0 p.m.6 views

CVE-2024-37412 WordPress Blossom Shop theme <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Blossom Themes Blossom Shop allows Cross Site Request Forgery.This issue affects Blossom Shop: from n/a through 1.1.7...

4.3CVSS7.2AI score0.00195EPSS
Exploits0References1
CVE
CVE
added 2024/12/31 10:25 a.m.53 views

CVE-2024-56234

Technical details for CVE-2024-56234 are not provided in the supplied documents. No concrete information on affected products, root cause, impact, or remediation is available here; monitor for official advisories and vendor updates.

5.4CVSS7.2AI score0.00305EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/21 8:23 a.m.44 views

CVE-2024-12588 Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/21 8:23 a.m.36 views

CVE-2024-9545 Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's auxcontactbox and auxgmaps shortcodes in all versions up to, and including, 2.17.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00321EPSS
Exploits0References5
NVD
NVD
added 2024/12/18 12:15 p.m.20 views

CVE-2024-11926

The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'stPartnerCreateServiceRental', 'stdeleteorderitem', 'stpartnerapprovebooking', 'saveorderitem', and 'userDenyEachInfo' functions in all versions up t...

6.5CVSS0.00302EPSS
Exploits0References2
CVE
CVE
added 2024/12/12 8:22 a.m.99 views

CVE-2024-12333

CVE-2024-12333 affects the Woodmart WordPress theme. The vulnerability allows unauthenticated attackers to execute arbitrary shortcodes via the woodmart_instagram_ajax_query AJAX action because a value is not properly validated before running do_shortcode. This is a shortcode execution flaw in al...

6.5CVSS6.8AI score0.0037EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/09 12:18 p.m.25 views

CVE-2024-43222 WordPress Sweet Date theme <= 3.7.3 - Privilege Escalation vulnerability

Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.This issue affects Sweet Date: from n/a through = 3.7.3...

9.8CVSS0.0076EPSS
Exploits0References1
CVE
CVE
added 2024/12/06 8:24 a.m.47 views

CVE-2024-10849

CVE-2024-10849 details (NewsMash theme, WordPress) : The NewsMash WordPress theme is affected by a stored cross-site scripting (XSS) vulnerability via a malicious display name in all versions up to 1.0.71. Exploitation requires authenticated access at Contributor level or higher, and an attacker ...

6.4CVSS7.4AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 6:15 a.m.27 views

CVE-2024-10578

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnewsimporterpluginactionfornotice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.01355EPSS
Exploits1References3
CVE
CVE
added 2024/12/06 3:25 a.m.53 views

CVE-2024-10836

CVE-2024-10836 affects the Flixita WordPress theme (all versions up to 1.0.82). It is a Reflected Cross-Site Scripting vulnerability via the id parameter caused by insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject scripts in pages executed after use...

6.1CVSS6.1AI score0.0036EPSS
Exploits0References5
Rows per page
Query Builder