CVE-2024-13769
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'themeoptionsajaxpostaction' AJAX action in all versions up to, and including, 4.2.4. This makes it possible for...
CVE-2024-13421
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...
CVE-2024-13656
The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.6.0. This makes it...
CVE-2024-13867
The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2024-13867
CVE-2024-13867 affects Listivo - Classified Ads WordPress Theme. A Reflected Cross-Site Scripting vulnerability exists via the s parameter in all versions up to and including 2.3.67, enabling unauthenticated attackers to inject scripts on pages executed when a user clicks a crafted link. Connecte...
CVE-2024-13346
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2024-13770
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2024-10763
CVE-2024-10763 affects the WordPress Campress theme (versions up to 1.35). The vulnerability is a Local File Inclusion via the function campress_woocommerce_get_ajax_products, allowing unauthenticated attackers to include and execute arbitrary PHP files on the server, potentially bypassing access...
CVE-2024-13770 Puzzles | WP Magazine / Review with Store WordPress Theme + RTL <= 4.2.4 - Unauthenticated PHP Object Injection
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...
WordPress Puzzles theme <= 4.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by István Márton in WordPress Theme Puzzles versions <= 4.2.4...
CVE-2024-13654
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'resetoptions' function in all versions up to, and including, 2.12.0. This makes it possible for...
CVE-2024-13653
The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backupoptions' and 'restoreoptions' functions in all versions up to, and including, 2.12.0. Thi...
CVE-2024-13656 Click Mag - Viral WordPress News Magazine/Blog Theme <= 3.6.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Deletion
The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanelofajaxcallback function in all versions up to, and including, 3.6.0. This makes it...
CVE-2024-13421 Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...