
2135 matches found

Vulnrichment
added 2023/03/27 2:0 p.m. · 5 views

CVE-2022-47146 WordPress Real Estate 7 Theme <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions...

7.1 CVSS · 5.8 AI score · 0.00382 EPSS
Exploits 0 · References 1

CVE
added 2023/03/27 2:0 p.m. · 53 views

CVE-2022-47146

CVE-2022-47146 affects the Contempoinc Real Estate 7 WordPress theme (versions

7.1 CVSS · 6 AI score · 0.00382 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/03/27 12:0 a.m. · 3 views

PT-2023-15192 · WordPress · Contempoinc Real Estate 7

Name of the Vulnerable Software and Affected Versions: Contempoinc Real Estate 7 WordPress theme versions 3.3.1 and earlier
Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows for the execution of malicious scripts on the...

7.1 CVSS · 6.2 AI score · 0.00382 EPSS
Exploits 0 · References 4

CNNVD
added 2023/03/27 12:0 a.m. · 2 views

WordPress theme Real Estate cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Real Estate 7 version 3.3.1 an...

7.1 CVSS · 6.9 AI score · 0.00382 EPSS
Exploits 0 · References 2

Patchstack
added 2023/02/20 12:0 a.m. · 10 views

WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Theme Tweaker; Type: Plugin; Vulnerable versions: <= 5.20; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-23713; Patch priority: Low; CVSS severity: Low (4.3); PSID: 6e1a4c281d2a; Credits: Mika; Required privilege...

8.8 CVSS · 7 AI score · 0.00256 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/01/23 3:15 p.m. · 20 views

CVE-2022-0316

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from...

9.8 CVSS · 9.6 AI score · 0.02084 EPSS
Exploits 12 · References 1

Prion
added 2023/01/23 3:15 p.m. · 22 views

Design/Logic Flaw

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from...

7.5 CVSS · 9.5 AI score · 0.02084 EPSS
Exploits 12 · References 1 · Affected Software 1

Patchstack
added 2023/01/23 12:0 a.m. · 10 views

WordPress Corsa Theme <= 1.5 is vulnerable to Arbitrary File Upload

Software: Corsa; Type: Theme; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A2: Broken Authentication; Classification: Arbitrary File Upload; CVE: CVE-2023-23970; Patch priority: High; CVSS severity: High (9.9); PSID: 4cf947f86882; Credits: Dave Jong (Patchstack); Required privilege...

9.9 CVSS · 6.6 AI score · 0.00785 EPSS
Exploits 0 · References 1 · Affected Software 1

wpexploit
added 2023/01/13 12:0 a.m. · 86 views

Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...

5.4 CVSS · 1.5 AI score · 0.00605 EPSS
Exploits 2

OSV
added 2023/01/02 10:15 p.m. · 1 views

CVE-2022-4114

The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks...

5.4 CVSS · 5.8 AI score · 0.00484 EPSS
Exploits 2 · References 2

NVD
added 2022/12/26 1:15 p.m. · 20 views

CVE-2022-4239

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...

6.5 CVSS · 0.00593 EPSS
Exploits 2 · References 1

Cvelist
added 2022/12/26 12:28 p.m. · 31 views

CVE-2022-4239 Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...

6.7 AI score · 0.00593 EPSS
Exploits 2 · References 1

Vulnrichment
added 2022/12/26 12:28 p.m. · 4 views

CVE-2022-4239 Workreap < 2.6.4 - Subscriber+ Arbitrary Posts Deletion via IDOR

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...

6.5 AI score · 0.00593 EPSS
Exploits 2 · References 1

wpexploit
added 2022/12/20 12:0 a.m. · 171 views

Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...

5.4 CVSS · 0.2 AI score · 0.00575 EPSS
Exploits 2

Prion
added 2022/12/12 6:15 p.m. · 20 views

Design/Logic Flaw

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE...

7.5 CVSS · 9.5 AI score · 0.21205 EPSS
Exploits 2 · References 1 · Affected Software 1

CVE
added 2022/12/12 5:57 p.m. · 54 views

CVE-2022-3921

CVE-2022-3921 affects the Listingo WordPress theme prior to version 3.2.7. The vulnerability arises because an AJAX upload action is accessible to unauthenticated users and does not validate uploaded files, permitting arbitrary file uploads and potentially remote code execution (RCE). Public writ...

9.8 CVSS · 9.7 AI score · 0.21205 EPSS
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2022/12/05 4:51 p.m. · 5 views

CVE-2022-3846 Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable...

6.7 AI score · 0.00783 EPSS
Exploits 2 · References 1

CNNVD
added 2022/12/05 12:0 a.m. · 3 views

WordPress theme Workreap security vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Workreap versions prior to 2.6.3. An...

7.5 CVSS · 7.4 AI score · 0.00783 EPSS
Exploits 2 · References 2

CNNVD
added 2022/11/28 12:0 a.m. · 3 views

WordPress theme Download Theme and plugin translation for Polylang security vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Download Theme and plugin translation for Polylang...

6.5 CVSS · 5.8 AI score · 0.00665 EPSS
Exploits 0 · References 3

OSV
added 2022/11/18 11:15 p.m. · 2 views

CVE-2022-41788

Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme = 8.2.5 on WordPress...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2