WordPress Theme Switcha Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Software Theme Switcha Type Plugin Vulnerable versions = 3.3 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5614 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 14276bf399ef Credits Lana Codes Required privileg...

CVE-2023-41235

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Everest Themes Everest News Pro theme = 1.1.7 versions...

CVE-2023-41872 WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Xtemos WoodMart plugin = 7.2.4 versions...

CVE-2023-2813

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

Laborator Kalium Cross-Site Scripting Vulnerability

Laborator Kalium is a WordPress theme by Laborator. A cross-site scripting vulnerability exists in Laborator Kalium prior to version 3.0.4, which stems from a cross-site scripting XSS vulnerability in the name input field of a Contact Us form, allowing remote attackers to execute arbitrary code...

WordPress Villar Theme <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)

Software Villar Type Theme Vulnerable versions = 1.0.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3b4edd361313 Credits Rafie Muhammad Patchstack Required privileg...

WordPress Theme WPLMS 跨站请求伪造漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress Theme WPLMS. No information about this...

VulnCheck KEV: CVE-2023-36529

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4...

WordPress Workreap 2.2.2 Shell Upload Exploit

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author: Mohammad Hossei...

WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...

CVE-2020-36711

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...

Cross site scripting

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitfulthemeoptionsaction AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2020-36723 ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

WordPress Theme Fruitful 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Fruitful version 3.8.1 and prior...

WordPress theme Epsilon Framework 代码注入漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A code injection vulnerability exists in WordPress theme Epsilon Framework, which stems from...

CVE-2023-23713 WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Manoj Thulasidas Theme Tweaker plugin = 5.20 versions...

CVE-2023-27419 WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Everest themes Viable Blog theme = 1.1.4 versions...

WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

CVE-2022-47146

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Contempoinc Real Estate 7 WordPress theme = 3.3.1 versions...

CVE-2022-47146

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Contempoinc Real Estate 7 WordPress theme = 3.3.1 versions...