53 matches found
CVE-2026-32528 WordPress Riode | Multi-Purpose WooCommerce theme < 1.6.29 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in don-themes Riode riode allows Reflected XSS.This issue affects Riode: from n/a through 1.6.29...
CVE-2026-27376
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...
EUVD-2026-9632
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...
CVE-2026-27376 WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...
CVE-2026-27376
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...
CVE-2026-27376
CVE-2026-27376 is a Reflected Cross‑Site Scripting vulnerability in the Claue theme (JanStudio Claue) for WordPress. It affects Claue – Clean, Minimal Elementor WooCommerce Theme versions from n/a through ≤ 2.2.7. The issue arises from improper neutralization of input during web page generation. ...
PT-2026-23253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme claue allows Reflected XSS.This issue affects Claue - Clean, Minimal Elementor WooCommerce Theme: from n/a through = 2.2.7...
PT-2026-4121
Name of the Vulnerable Software and Affected Versions XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme versions through 2.1.0 Description The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusio...
CVE-2023-40555
Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5...
CVE-2025-11746 XStore | Multipurpose WooCommerce Theme <= 9.5.4 - Authenticated (Subscriber+) Local File Inclusion
The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theetajaxrequiredpluginspopup function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on t...
EUVD-2023-36744
Malicious code in bioql PyPI...
EUVD-2023-12551
Malicious code in bioql PyPI...
EUVD-2025-18333
Malicious code in bioql PyPI...
EUVD-2023-45126
Malicious code in bioql PyPI...
EUVD-2023-29885
Malicious code in bioql PyPI...
EUVD-2025-21855
Malicious code in bioql PyPI...
EUVD-2024-53982
Malicious code in bioql PyPI...
EUVD-2025-3005
Malicious code in bioql PyPI...
CVE-2025-6222
CVE-2025-6222 affects the WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet WordPress plugin. The vulnerability is an unauthenticated arbitrary file upload caused by missing file type validation in the ced_rnx_order_exchange_attach_files function, e...
CVE-2023-25998
CVE-2023-25998 describes an unauthenticated Local File Inclusion (LFI) in the WordPress theme “Samex - Clean, Minimal Shop WooCommerce” (and its variants) due to improper control of filenames used by include/require in PHP. Affected versions: n/a through 2.6. The issue enables PHP local file incl...