CVE-2023-7194

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-50892

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9...

CVE-2023-49187

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4...

CVE-2023-49826

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1...

CVE-2023-36529

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4...

CVE-2023-4826

The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting XSS attack...

CVE-2023-51501

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6...

CVE-2023-49750

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme.This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2...

CVE-2023-29432

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3...

CVE-2022-1323

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request...

CVE-2022-4700

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpractivaterequiredtheme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...

CVE-2022-4114

The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks...

CVE-2022-2627

The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...

PT-2025-22681 · WordPress · Gavias Kiamo - Responsive Business Service Wordpress Theme

Name of the Vulnerable Software and Affected Versions: gavias Kiamo - Responsive Business Service WordPress Theme versions 1.3.3 and earlier Description: The issue affects the gavias Kiamo - Responsive Business Service WordPress Theme, allowing for PHP Local File Inclusion due to improper control...

CVE-2022-2180

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE...

CVE-2022-1251

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request...

CVE-2022-1241

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues...

CVE-2022-1167

There are unauthenticated reflected Cross-Site Scripting XSS vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters...

CVE-2022-1170

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests...

CVE-2022-3921

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE...