CVE-2024-52480
CVE-2024-52480 is a Missing Authorization (Broken Access Control) vulnerability in Astoundify Jobify - Job Board WordPress Theme, affecting versions up to 4.2.3. Public docs identify unauthenticated access issues but do not provide concrete exploitation details or a confirmed patch in the sources...
CVE-2024-43222 WordPress Sweet Date theme <= 3.7.3 - Privilege Escalation vulnerability
Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation. This issue affects Sweet Date: from n/a through <= 3.7.3...
CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation
Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Directory: from n/a through 1.0.5...
CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation
Missing Authorization vulnerability in listingthemes Real Estate Directory real-estate-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Directory: from n/a through <= 1.0.5...
PT-2024-35321 · Astoundify · Astoundify Jobify - Job Board WordPress Theme
Name of the Vulnerable Software and Affected Versions: Astoundify Jobify - Job Board WordPress Theme versions prior to 4.2.3 Description: The issue is related to a missing authorization vulnerability in the Astoundify Jobify - Job Board WordPress Theme. Recommendations: For versions prior to 4.2....
CVE-2024-11289
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penciarchivemorepostajaxfunc, pencimorepostajaxfunc, and pencimorefeaturedpostajaxfunc. This makes it possible for unauthenticated attackers to include and...
CVE-2024-10849
The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-10849
CVE-2024-10849 details (NewsMash theme, WordPress): The NewsMash WordPress theme is affected by a stored cross-site scripting (XSS) vulnerability via a malicious display name in all versions up to 1.0.71. Exploitation requires authenticated access at Contributor level or higher, and an attacker ...
CVE-2024-10578
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-10578 Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-10578
CVE-2024-10578 – Pubnews theme (WordPress) has an unauthenticated/arbitrary plugin installation vulnerability through a missing capability check in pubnews_importer_plugin_action_for_notice() across all versions up to 1.0.7. The issue allows authenticated attackers with Subscriber-level access an...
CVE-2024-11420
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2024-52478
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...
CVE-2024-52479
Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-52479
Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...
CVE-2024-52478
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Astoundify Jobify jobify allows Stored XSS. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-52478
CVE-2024-52478 is a Cross-Site Scripting (Stored XSS) vulnerability in the Ben Marshall Jobify – Job Board WordPress Theme, affecting versions up to 4.2.3 (n/a through 4.2.3). The issue arises from improper input neutralization during web page generation. Multiple connected sources explicitly con...
PT-2024-35318 · WordPress · Ben Marshall Jobify - Job Board WordPress Theme
Name of the Vulnerable Software and Affected Versions: Ben Marshall Jobify - Job Board WordPress Theme versions n/a through 4.2.3 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This mea...
PT-2024-35319 · WordPress · Ben Marshall Jobify - Job Board WordPress Theme
Name of the Vulnerable Software and Affected Versions: Ben Marshall Jobify - Job Board WordPress Theme versions n/a through 4.2.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into...
CVE-2024-52481
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Astoundify Jobify jobify allows Relative Path Traversal. This issue affects Jobify: from n/a through 4.3.0...