
2135 matches found

wpexploit
added 2020/01/27 12:0 a.m., 40 views

CarSpot < 2.2.3 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'CarSpot – Dealership Wordpress Classified Theme', tested version v2.2.0: Authenticated Persistent XSS (Registration Form/User Profile); Authenticated Persistent XSS (Ad Post); IDOR leading to arbitrary deletion of ads. Edit WPScanTeam: January...

Exploits: 0, References: 1
WPVulnDB
added 2020/01/13 12:0 a.m., 12 views

Travel Booking < 2.7.8.6 - Reflected & Persistent XSS Issues

A Reflected & Persistent XSS vulnerability was discovered in the 'Travel Booking WordPress Theme', tested version v2.7.8.5. Edit WPScanTeam: January 11th, 2020 - Report received & Envato contacted; January 12th, 2020 - Report updated with Reflected XSS, Envato notified again; January 12th, 2020 -...

6.2 AI score
Exploits: 0, References: 2, Affected Software: 1
WPVulnDB
added 2020/01/09 12:0 a.m., 19 views

TownHub < 1.0.6 - Multiple Vulnerabilities

Multiple vulnerabilities were discovered in the 'TownHub - Directory & Listing WordPress Theme', tested version v1.0.2: Unauthenticated XSS; Authenticated Persistent XSS; IDOR. Edit WPScanTeam: December 27th, 2019 - Envato Contacted; January 5th, 2020 - Envato Investigating; January 6th, 2020 -...

6.4 CVSS, 6.4 AI score, 0.0317 EPSS
Exploits: 7, References: 1, Affected Software: 1
WPVulnDB
added 2019/12/02 12:0 a.m., 16 views

Superlist <= 2.9.2 - Stored Cross-Site Scripting (XSS)

Persistent XSS was discovered in the 'Superlist - Directory WordPress Theme'; the version tested was v2.9.2. Edit WPScanTeam: December 2nd, 2019 - Envato Contacted; December 2nd, 2019 - Envato Investigating; December 12th, 2019 - No updates, disclosing PoC. The PoC will be displayed once the issue h...

2.2 AI score
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/10/23 4:13 p.m., 14 views

CVE-2015-9504

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...

6.1 AI score, 0.00934 EPSS
Exploits: 2, References: 1
CNVD
added 2019/10/15 12:0 a.m., 1 views

WordPress ThemeMakers Blessing Premium Responsive theme Information Disclosure Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ThemeMakers Blessing Premium Responsive theme is a religious website theme plugin used in it. A security vulnerability exists in...

7.5 CVSS, 6.3 AI score, 0.03065 EPSS
Exploits: 1, References: 1
CNVD
added 2019/10/15 12:0 a.m., 2 views

WordPress ThemeMakers Accio One Page Parallax Responsive theme Information Disclosure Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. ThemeMakers Accio One Page Parallax Responsive theme is a responsive one page parallax effect website theme plugin used in i...

7.5 CVSS, 5.9 AI score, 0.03065 EPSS
Exploits: 1, References: 1
Patchstack
added 2019/09/30 12:0 a.m., 6 views

WordPress Theme Editor plugin <= 2.1 - Multiple vulnerabilities

Multiple vulnerabilities (CSRF, insufficient permission checking, arbitrary file upload) were found by WebARX in WordPress Theme Editor plugin versions <= 2.1. Solution: Update the WordPress Theme Editor plugin to the latest available version, at least 2.2...

3.6 AI score
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2019/09/20 7:26 p.m., 3 views

EUVD-2015-9246

Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php...

7.5 CVSS, 7.8 AI score, 0.55008 EPSS
Exploits: 1, References: 2
OSV
added 2019/09/20 3:15 p.m., 1 views

CVE-2016-11002

The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation...

8.8 CVSS, 5.8 AI score, 0.01865 EPSS
Exploits: 0, References: 2
OSV
added 2019/09/20 3:15 p.m., 1 views

CVE-2016-10997

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php...

6.5 CVSS, 5.9 AI score, 0.00825 EPSS
Exploits: 1, References: 2
OSV
added 2019/09/18 12:15 p.m., 1 views

CVE-2016-10994

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...

6.1 CVSS, 5.8 AI score, 0.01252 EPSS
Exploits: 2, References: 2
CNVD
added 2019/09/18 12:0 a.m., 3 views

Pinfinity theme for WordPress cross-site scripting vulnerability

Pinfinity theme for WordPress is a multipurpose theme plugin for WordPress. Pinfinity theme for WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute client-side code...

6.1 CVSS, 6.3 AI score, 0.00907 EPSS
Exploits: 1, References: 1
OSV
added 2019/09/17 3:15 p.m., 1 views

CVE-2016-10993

The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter...

5.4 CVSS, 5.8 AI score, 0.02716 EPSS
Exploits: 1, References: 2
EUVD
added 2019/09/16 4:40 p.m., 4 views

EUVD-2016-1963

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via tdajaxupdatepanel...

9.8 CVSS, 9.6 AI score, 0.09268 EPSS
Exploits: 1, References: 2
OSV
added 2019/09/03 12:15 p.m., 3 views

CVE-2019-15869

The JobCareer theme before 2.5.1 for WordPress has stored XSS...

5.4 CVSS, 6.1 AI score, 0.00736 EPSS
Exploits: 2, References: 1
OSV
added 2019/09/03 12:15 p.m., 3 views

CVE-2019-15870

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field...

5.4 CVSS, 6.1 AI score, 0.00736 EPSS
Exploits: 2, References: 1
0day.today
added 2019/07/29 12:0 a.m., 25 views

WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications. Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection; Google Dork: inurl:"/wp-content/themes/realestate-7/"; Author: m0ze; Vendor Homepage: https://contempothemes.com; Software Link:...

7.1 AI score
Exploits: 0
wpexploit
added 2019/07/29 12:0 a.m., 12 views

Real Estate 7 < 2.9.1 - Stored XSS & IDOR

The 'Real Estate 7' premium WordPress theme is vulnerable to persistent XSS injection that allows an attacker to inject JavaScript or HTML code into the website front-end. There is also an Insecure Direct Object Reference issue, allowing unauthorized users to edit listings they should not have...

6.7 AI score
Exploits: 0, References: 3
WPVulnDB
added 2019/07/05 12:0 a.m., 8 views

Zoner - Real Estate <= 4.1 - Reflected & Stored XSS

Weak security measures, such as poor filtering of input field data, have been discovered in the 'Zoner - Real Estate WordPress Theme'. PoC Stored XSS Injection: Register on the demo website and go to the https://zoner.fruitfulcode.com/author/yourlogin/?profile-page=myprofile page. Inside any text field ty...

0.4 AI score
Exploits: 0, References: 1, Affected Software: 1