CVE-2025-47600

CVE-2025-47600 affects WoodMart (xtemos WoodMart theme) up to version 8.3.7. Description notes a Basic XSS via improper neutralization of script-related HTML tags enabling Code Injection in WoodMart pages. Connected sources show concrete details: affected product WoodMart; vulnerability type Basi...

CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through = 8.3.7...

CVE-2025-49935 WordPress WoodMart theme < 8.3.2 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through 8.3.2...

CVE-2025-49936 WordPress WoodMart theme < 8.3.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through 8.3.2...

WordPress WoodMart - Multipurpose WooCommerce Theme plugin <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability

WordPress WoodMart - Multipurpose WooCommerce Theme plugin = 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation vulnerability discovered by Samir El Khaouti in WordPress Theme WoodMart versions = 8.2.6...

WordPress WoodMart Theme <= 8.2.6 is vulnerable to Broken Access Control

Software WoodMart Type Theme Vulnerable versions = 8.2.6 Fixed in 8.2.7 OWASP Top 10 A3: Injection Classification Broken Access Control CVE CVE-2025-8097 Patch priority Low CVSS severity Low 5.3 Developer Xtemos PSID edd2e4c45666 Credits Samir El Khaouti Required privilege Unauthenticated Publish...

WordPress WoodMart plugin <= 8.2.5 - Unauthenticated Post Disclosure vulnerability

Unauthenticated Post Disclosure vulnerability discovered by stealthcopter in WordPress Theme WoodMart versions = 8.2.5...

WordPress WoodMart plugin <= 8.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Theme WoodMart versions = 8.2.3...

CVE-2023-32240

CVE-2023-32240 concerns WordPress WoodMart Theme (

CVE-2023-32240 WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1...

WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS)

Software WoodMart Type Theme Vulnerable versions = 7.2.4 Fixed in 7.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-41872 Patch priority Medium CVSS severity Medium 7.1 Developer Xtemos PSID 563c6cf0394d Credits Rafie Muhammad Patchstack Required privilege...

WordPress WoodMart Theme <= 7.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WoodMart Type Theme Vulnerable versions = 7.2.1 Fixed in 7.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32239 Patch priority Medium CVSS severity Medium 5.4 Developer Xtemos PSID 157d641b350c Credits Dave Jong Patchstack Required...