WordPress my money theme <= 2.0.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme my money versions = 2.0.6...

WordPress offset writing theme <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme offset writing versions = 1.2...

WordPress Js O3 Lite theme <= 1.5.8.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme Js O3 Lite versions = 1.5.8.2...

CVE-2024-12855

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sbremovead' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2025-22334

CVE-2025-22334 describes an stored XSS in the WordPress plugin/theme setup “Education LMS” by FilaThemes. The vulnerability is classified as an improper neutralization of input during web page generation (XSS). Public details indicate the affected scope as Education LMS versions from n/a up to 0....

CVE-2024-12781

The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab1cldemoinstallpackagecontent' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated...

PT-2025-1950 · Aurum · Aurum

Name of the Vulnerable Software and Affected Versions: Aurum - WordPress & WooCommerce Shopping Theme versions prior to 4.0.3 Description: The issue concerns a missing capability check in the lab 1cl demo install package content function, allowing authenticated attackers with Subscriber-level...

WordPress TheFude theme < 1.3.8 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by justakazh Patchstack Alliance in WordPress Theme TheFude - Crowdfunding & Charity WordPress Theme versions 1.3.8...

CVE-2024-38731

CVE-2024-38731 is a CSRF vulnerability in the WordPress theme i-amaze by Marsian, affecting versions up to 1.3.7 (and “n/a through 1.3.7” as stated). The CVSS metrics indicate a network attack vector, no confidentiality impact, and a partial integrity impact with a required user interaction, yiel...

CVE-2024-38731 WordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7...

CVE-2024-38732 WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery.This issue affects Patricia Blog: from n/a through 1.2...

CVE-2024-38764

CVE-2024-38764 affects WordPress i-transform theme (≤3.0.9). The connected records confirm a CSRF vulnerability tied to the i-transform theme, with the CVE description stating cross-site request forgery is possible. Public materials list the affected component and indicate a CSRF risk, but the so...

CVE-2024-38764 WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9...

CVE-2024-38763 WordPress Popularis Verse theme <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in themes4wp Popularis Verse popularis-verse allows Cross Site Request Forgery.This issue affects Popularis Verse: from n/a through = 1.1.1...

CVE-2024-38763 WordPress Popularis Verse theme <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Themes4WP Popularis Verse allows Cross Site Request Forgery.This issue affects Popularis Verse: from n/a through 1.1.1...

CVE-2024-37508

CVE-2024-37508 affects the WordPress Construction Landing Page theme, versions

CVE-2024-37503 WordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through 1.2.4...

CVE-2024-37503 WordPress Lawyer Landing Page theme <= 1.2.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through = 1.2.4...

CVE-2024-37473 WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in blazethemes Trendy News trendy-news allows Cross Site Request Forgery.This issue affects Trendy News: from n/a through = 1.0.15...

CVE-2024-37450 WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme Benevolent benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through = 1.3.4...