2135 matches found

OSV
added 2024/02/12 6:15 a.m. · 2 views

CVE-2024-24927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits 0 · References 1

NVD
added 2024/02/12 6:15 a.m. · 16 views

CVE-2024-24927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

CVSS 7.1 · AI score 6.9 · EPSS 0.00331
Exploits 0 · References 1

Prion
added 2024/02/12 6:15 a.m. · 18 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

CVSS 5.8 · AI score 7.2 · EPSS 0.00331
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/02/12 6:7 a.m. · 14 views

CVE-2024-24927 WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

CVSS 7.1 · AI score 6.9 · EPSS 0.00331
Exploits 0 · References 1

Positive Technologies
added 2024/02/11 12:0 a.m. · 4 views

PT-2024-20665 · WordPress · Unitedthemes Brooklyn

Name of the Vulnerable Software and Affected Versions: UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme versions through 4.9.7.6 Description: The issue affects the UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme, allowing Reflected XSS due to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00331
Exploits 0 · References 7

OSV
added 2024/01/22 8:15 p.m. · 1 views

CVE-2023-7194

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits 1 · References 1

Positive Technologies
added 2024/01/22 12:0 a.m. · 2 views

PT-2024-15222 · WordPress · Meris

Name of the Vulnerable Software and Affected Versions: Meris WordPress theme versions 1.1.2 and earlier Description: The issue is related to Reflected Cross-Site Scripting, which occurs because the theme does not properly sanitise and escape certain parameters before outputting them back in the...

CVSS 6.1 · AI score 6.4 · EPSS 0.00331
Exploits 1 · References 5

OSV
added 2024/01/16 4:15 p.m. · 0 views

CVE-2023-3771

The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker can redirect users to arbitrary websites...

CVSS 6.1 · AI score 5.9
Exploits 0 · References 1

NVD
added 2024/01/16 4:15 p.m. · 26 views

CVE-2023-3771

The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker can redirect users to arbitrary websites...

CVSS 6.1 · AI score 6.4 · EPSS 0.0046
Exploits 2 · References 1

Vulnrichment
added 2024/01/16 3:54 p.m. · 2 views

CVE-2023-3771 T1 theme <= 19.0 - Open Redirect

The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker can redirect users to arbitrary websites...

AI score 6.3 · EPSS 0.0046
Exploits 2 · References 1

Positive Technologies
added 2024/01/16 12:0 a.m. · 4 views

PT-2024-12650 · WordPress · T1 Wordpress Theme

Name of the Vulnerable Software and Affected Versions: T1 WordPress theme versions through 19.0 Description: The issue allows for unauthenticated open redirect, enabling any attacker to redirect users to arbitrary websites. Recommendations: For T1 WordPress theme versions through 19.0, update to ...

CVSS 6.1 · AI score 6.3 · EPSS 0.0046
Exploits 2 · References 5

OSV
added 2024/01/11 9:15 a.m. · 3 views

CVE-2023-6990

The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta page-head-code. This makes it possible for authenticated attackers...

CVSS 5.4 · AI score 7.4 · EPSS 0.00315
Exploits 0 · References 2

Vulnrichment
added 2024/01/11 8:32 a.m. · 3 views

CVE-2023-6990 Weaver Xtreme <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta page-head-code. This makes it possible for authenticated attackers...

CVSS 5.4 · AI score 6.8 · EPSS 0.00315
Exploits 0 · References 2

CNNVD
added 2024/01/11 12:0 a.m. · 3 views

WordPress Theme Weaver Xtreme Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.4 · AI score 5.8 · EPSS 0.00315
Exploits 0 · References 3

OSV
added 2023/12/29 12:15 p.m. · 3 views

CVE-2023-50892

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9...

CVSS 6.1 · AI score 7.3 · EPSS 0.00346
Exploits 1 · References 1

Prion
added 2023/12/29 12:15 p.m. · 14 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9...

CVSS 5.8 · AI score 7.2 · EPSS 0.00346
Exploits 1 · References 1 · Affected Software 1

CVE
added 2023/12/29 11:15 a.m. · 102 views

CVE-2023-50892

CVE-2023-50892 describes a Reflected XSS in TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme. Affected: TheGem versions up to 5.9.1 (range n/a–5.9.1). NVD lists CVSSv3.1 metrics: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N with base score 6.1 (Medium); Patchstack CNA reports CVSSv3.1 metrics...

CVSS 7.1 · AI score 7 · EPSS 0.00346
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2023/12/29 12:0 a.m. · 5 views

PT-2023-31706 · WordPress · Thegem

Name of the Vulnerable Software and Affected Versions: TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme versions n/a through 5.9.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows...

CVSS 7.1 · AI score 6.6 · EPSS 0.00346
Exploits 1 · References 7

OSV
added 2023/12/28 10:15 a.m. · 3 views

CVE-2023-51501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

CVSS 6.1 · AI score 5.8 · EPSS 0.00351
Exploits 0 · References 1

NVD
added 2023/12/28 10:15 a.m. · 13 views

CVE-2023-51501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

CVSS 7.1 · EPSS 0.00351
Exploits 0 · References 1