2108 matches found
WordPress Themify Sidepane WordPress Theme Theme <= 1.9.8 is vulnerable to Cross Site Scripting (XSS)
Software: Themify Sidepane WordPress Theme; Type: Theme; Vulnerable versions: <= 1.9.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2025-31013; Patch priority: Low; CVSS severity: Low 7.1; PSID: ae3543e5888e; Credits: Tran Nguyen Bao Khanh VC...
WordPress Newscrunch Theme 1.8.4.1 Shell Upload
WordPress Newscrunch theme version 1.8.4.1 suffers from a remote shell upload vulnerability...
CVE-2025-2804 tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'account_id' and 'account_username'
The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the 'account_id' and 'account_username' parameters in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2025-22770 WordPress Envo Multipurpose theme <= 1.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in EnvoThemes Envo Multipurpose allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Envo Multipurpose: from n/a through 1.1.6...
CVE-2025-22816 WordPress Power Mag theme <= 1.1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeTrendy Power Mag allows DOM-Based XSS. This issue affects Power Mag: from n/a through 1.1.5...
CVE-2025-26736 WordPress MorningTime Lite theme <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in victortihai MorningTime Lite morningtime-lite allows Stored XSS. This issue affects MorningTime Lite: from n/a through <= 1.3.2...
CVE-2025-26737 WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yudleethemes City Store allows DOM-Based XSS. This issue affects City Store: from n/a through 1.4.5...
CVE-2025-26739 WordPress newseqo theme <= 2.1.1 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themefunction newseqo allows Stored XSS. This issue affects newseqo: from n/a through 2.1.1...
CVE-2025-26747 WordPress RainbowNews theme <= 1.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 99colorthemes RainbowNews allows Stored XSS. This issue affects RainbowNews: from n/a through 1.0.7...
CVE-2025-26922 WordPress AuraMart theme <= 2.0.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in techthemes AuraMart auramart allows Stored XSS. This issue affects AuraMart: from n/a through <= 2.0.7...
CVE-2025-25134 WordPress Theme Demo Bar Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS. This issue affects Theme Demo Bar: from n/a through <= 1.6.3...
WordPress newseqo theme <= 2.1.1 - Stored Cross Site Scripting (XSS) vulnerability
Stored Cross Site Scripting (XSS) vulnerability discovered by Michael Patchstack Alliance in WordPress Theme newseqo versions <= 2.1.1...
CVE-2024-12920
The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakeryvarbackupfiledelete, foodbakerywidgetfiledelete, themeoptionsave, exportwidgetsettings,...
WordPress Theme Demo Bar Plugin <= 1.6.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Theme Demo Bar versions <= 1.6.3...
CVE-2024-13790
The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
Nokri - Job Board Theme for WordPress < 1.6.3 Arbitrary Password Change
The WordPress DWT - Directory & Listing Theme installed on the remote host is affected by an unauthenticated Arbitrary Password Change. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2024-12810
The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, wit...