Lucene search
K

19029 matches found

Patchstack
Patchstack
added 49 minutes ago4 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.16...

6.5CVSS5.8AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 9 hours ago6 views

CVE-2026-27435 WordPress Woffice theme < 5.4.33 - Broken Access Control vulnerability

Missing Authorization vulnerability in WofficeIO Woffice allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice: from n/a before 5.4.33...

5.3CVSS
Exploits0References1
CVE
CVE
added 9 hours ago13 views

CVE-2026-27435

WordPress Woffice theme versions before 5.4.33 are affected by a Missing Authorization vulnerability due to incorrectly configured access control. CVSSv3.1: 5.3 (Network, Low privileges, No user interaction). Impact: Integrity impact (LOW); others None. Affected: Woffice theme (WordPress)

5.3CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added 14 hours ago20 views

WordPress 15Zine <3.3.0 - Cross-Site Scripting

WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cbsa AJAX action. id: CVE-2020-36510 info: name: WordPress 15Zine 3.3.0 - Cross-Site Scripting author: veshraj...

6.1CVSS6.2AI score0.02602EPSS
Exploits2References3
Nuclei
Nuclei
added 14 hours ago38 views

ScoreMe Theme - Cross-Site Scripting

WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

5.4CVSS6.2AI score0.02716EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago22 views

WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery

The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Forgery SSRF via the 'url' parameter in the getremotedata.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2024-4399 info: name: WordPre...

9.1CVSS5.9AI score0.01836EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago40 views

JobMonster < 4.5.2.9 - Cross-Site Scripting

In the theme JobMonster 4.5.2.9 there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests. id: CVE-2022-1170 info: name: JobMonster 4.5.2.9 - Cross-Site Scripting author: Akincibor,ritikchaddha severity: medium description: | In the theme JobMonste...

6.1CVSS6.4AI score0.01836EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago78 views

WordPress Page Builder KingComposer <=2.9.6 - Open Redirect

WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kcgetthumbn AJAX action which is available to both unauthenticated and authenticated users. id: CVE-2022-0165 info: name: WordPress Page Builder KingComposer =2.9.7 to...

6.1CVSS6.5AI score0.0428EPSS
Exploits4References5
Nuclei
Nuclei
added 14 hours ago36 views

WordPress JNews Theme <8.0.6 - Cross-Site Scripting

WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory. id: CVE-2021-24342 info: name: WordPress JNews Theme =8.0.6 to mitigate the XSS...

6.1CVSS6.2AI score0.01975EPSS
Exploits2References4
Nuclei
Nuclei
added 14 hours ago104 views

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.2AI score0.02697EPSS
Exploits2References4
Nuclei
Nuclei
added 14 hours ago42 views

WordPress Jannah Theme <5.4.4 - Cross-Site Scripting

WordPress Jannah theme before 5.4.4 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the options JSON parameter in its tiegetuserweather AJAX action before outputting it back in the page. id: CVE-2021-24364 info: name: WordPress Jannah Theme 5.4.4 - Cross-Sit...

6.1CVSS6.2AI score0.01975EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago27 views

WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting

WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter. id: CVE-2019-20141 info: name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting author: knassar702 severity: medium description: WordPress Laborator Neon them...

6.1CVSS6.2AI score0.04344EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago8 views

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

9.8CVSS7.3AI score0.03546EPSS
Exploits2References2
Nuclei
Nuclei
added 14 hours ago12 views

WordPress OneTone theme <= 3.0.6 – Unauthenticated Stored XSS

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. id: CVE-2019-17231 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Stored XSS author: daffainfo severity: medium description: | includes/theme-functions.php in the OneTone...

6.1CVSS6.4AI score0.01216EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago6 views

WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. id: CVE-2019-17230 info: name: WordPress OneTone theme = 3.0.6 – Unauthenticated Options Changes author: daffainfo severity: medium description: | includes/theme-functions.php in...

5.3CVSS6AI score0.02362EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago10 views

Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation

The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...

8.8CVSS7.3AI score0.0189EPSS
Exploits1References3
Nuclei
Nuclei
added 14 hours ago5 views

WordPress Campress Theme <= 1.35 - Unauthenticated Local File Inclusion

Campress theme for WordPress up to 1.35 contains a local file inclusion caused by 'campresswoocommercegetajaxproducts' function, letting unauthenticated attackers include and execute arbitrary PHP files, exploit requires no authentication. id: CVE-2024-10763 info: name: WordPress Campress Theme =...

9.8CVSS7.8AI score0.03529EPSS
Exploits0References1
Nuclei
Nuclei
added 14 hours ago6 views

WordPress Madara Theme < 2.2.2.1 - Local File Inclusion

Madara WordPress theme = 2.2.2 contains a local file inclusion vulnerability caused by improper sanitization of the 'template' parameter, letting unauthenticated attackers execute arbitrary files on the server, exploit requires crafted request. id: CVE-2025-4524 info: name: WordPress Madara Theme...

9.8CVSS7.5AI score0.09094EPSS
Exploits5References4
Nuclei
Nuclei
added 14 hours ago13 views

WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator- from n/a through 1.0.9. id: CVE-2023-47873 info: name: WordPress WP Child Theme Generator 1.1.3 - Arbitrary File Upload author: cysamu,Crux severity...

9.1CVSS7.3AI score0.02276EPSS
Exploits0References4
Nuclei
Nuclei
added 14 hours ago15 views

Newspaper Theme 6.4–6.7.1 - Privilege Escalation

Newspaper Theme versions 6.4 to 6.7.1 for WordPress lacked proper options access control through tdajaxupdatepanel, which led to a Privilege Escalation vulnerability. id: CVE-2016-10972 info: name: Newspaper Theme 6.4–6.7.1 - Privilege Escalation author: pussycat0x severity: critical description:...

9.8CVSS7.5AI score0.09268EPSS
Exploits1References1
Rows per page
Query Builder