Lucene search
2135 matches found

Vulnrichment
added 2024/05/02 4:52 p.m. · 11 views

CVE-2024-3747 Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block

The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 · AI score 6.1 · EPSS 0.00423
Exploits 0 · References 2

Positive Technologies
added 2024/05/02 12:0 a.m. · 3 views

PT-2024-28815 · WordPress · Virtue

Name of the Vulnerable Software and Affected Versions: Virtue theme for WordPress versions up to, and including, 3.4.8 Description: The issue is related to Stored Cross-Site Scripting via a Post Author's name due to insufficient input sanitization and output escaping when the latest posts feature...

CVSS 6.4 · AI score 6 · EPSS 0.00579
Exploits 0 · References 5

Patchstack
added 2024/04/26 10:3 a.m. · 6 views

WordPress Althea WP theme <= 1.0.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Althea WP versions <= 1.0.13...

CVSS 4.3 · AI score 7 · EPSS 0.00503
Exploits 0 · Affected Software 1

CNNVD
added 2024/04/26 12:0 a.m. · 3 views

WordPress theme Teluro cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blogs on PHP and MySQL servers. WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Teluro version 1.0.31 and earlier versions. A...

CVSS 4.3 · AI score 6.5 · EPSS 0.00198
Exploits 0 · References 2

Patchstack
added 2024/04/25 1:8 p.m. · 5 views

WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme XStore versions <= 9.3.8...

CVSS 9.8 · AI score 7 · EPSS 0.00434
Exploits 0 · Affected Software 1

Vulnrichment
added 2024/04/17 7:17 a.m. · 18 views

CVE-2024-32525 WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme My Login. This issue affects Theme My Login: from n/a through 7.1.6...

CVSS 4.3 · AI score 6.9 · EPSS 0.00337
Exploits 0 · References 1

EUVD
added 2024/04/16 9:32 a.m. · 3 views

EUVD-2024-32435

The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...

CVSS 6.1 · AI score 6 · EPSS 0.00818
Exploits 0 · References 2

WPVulnDB
added 2024/04/16 12:0 a.m. · 12 views

Spa and Salon < 1.2.8 - Cross-Site Request Forgery to Notice Dismissal

Description: The Spa and Salon theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the spaandsalonupdateadminnotice function. This makes it possible for unauthenticated attackers to dismiss...

CVSS 4.3 · AI score 6.4 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/04/15 2:24 p.m. · 4 views

WordPress GuCherry Blog theme <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme GuCherry Blog versions <= 1.1.8...

CVSS 7.1 · AI score 6.1 · EPSS 0.00354
Exploits 0 · Affected Software 1

Patchstack
added 2024/04/15 12:0 a.m. · 16 views

WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control

Software: Theme My Login; Type: Plugin; Vulnerable versions: <= 7.1.6; Fixed in: 7.1.7; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-32525; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: 11dbddbd2e7f; Credits: Abdi Pranata; Required...

CVSS 4.3 · AI score 6.5 · EPSS 0.00337
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/04/10 1:57 p.m. · 3 views

WordPress NewsXpress theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme NewsXpress versions <= 1.0.7...

CVSS 4.3 · AI score 7 · EPSS 0.002
Exploits 0 · Affected Software 1

Patchstack
added 2024/04/10 9:28 a.m. · 5 views

WordPress The Conference theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme The Conference versions <= 1.2.0...

CVSS 4.3 · AI score 7 · EPSS 0.002
Exploits 0 · Affected Software 1

Patchstack
added 2024/04/10 8:42 a.m. · 2 views

WordPress CityLogic theme <= 1.1.29 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme CityLogic versions <= 1.1.29...

CVSS 4.3 · AI score 7 · EPSS 0.00368
Exploits 0 · Affected Software 1

Patchstack
added 2024/04/10 8:29 a.m. · 8 views

WordPress i-excel theme <= 1.7.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme i-excel versions <= 1.7.9...

CVSS 4.3 · AI score 7 · EPSS 0.00368
Exploits 0 · Affected Software 1

Positive Technologies
added 2024/04/10 12:0 a.m. · 2 views

PT-2024-24033 · WordPress +11 · Sensible Wp +14

Name of the Vulnerable Software and Affected Versions: X-T9 versions 1.19.0 and earlier; Lightning versions 15.18.0 and earlier; Default Mag versions 1.3.5 and earlier; Namaha versions 1.0.40 and earlier; CityLogic versions 1.1.29 and earlier; i-max versions 1.6.2 and earlier; Emmet Lite versions 1.7.5...

CVSS 4.3 · AI score 7 · EPSS 0.00368
Exploits 0 · References 18

OSV
added 2024/04/09 9:15 a.m. · 1 views

CVE-2024-31369

Cross-Site Request Forgery CSRF vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2...

CVSS 5.4 · AI score 5.8 · EPSS 0.00221
Exploits 0 · References 1

Positive Technologies
added 2024/04/09 12:0 a.m. · 4 views

PT-2024-19869 · Themefusion · Avada

Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6 Description: The issue allows authenticated attackers with editor-level access and above to perform SQL Injection via the entry parameter due to insufficient escaping on the...

CVSS 7.2 · AI score 9.7 · EPSS 0.00828
Exploits 1 · References 6

CNNVD
added 2024/04/09 12:0 a.m. · 2 views

WordPress Theme Newsmatic security vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Newsmatic 1.3.0 and earlier versions, which stems...

CVSS 5.3 · AI score 7.9 · EPSS 0.00584
Exploits 0 · References 4

Vulnrichment
added 2024/03/27 8:31 a.m. · 12 views

CVE-2024-2962 Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 7.2 · EPSS 0.00504
Exploits 0 · References 3

Cvelist
added 2024/03/27 8:31 a.m. · 26 views

CVE-2024-2962 Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization

The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.3 · EPSS 0.00504
Exploits 0 · References 3