2108 matches found
CVE-2024-11912
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2024-54350 WordPress hmd theme <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in HJYL hmd allows Stored XSS. This issue affects hmd: from n/a through 2.0...
CVE-2024-54350 WordPress hmd theme <= 2.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hjyl hmd hmd allows Stored XSS. This issue affects hmd: from n/a through <= 2.0...
CVE-2024-11912
Summary (CVE-2024-11912) The Travel Booking WordPress Theme (Travel Booking WordPress Theme) is affected by a blind time-based SQL Injection via the parameter order_id in all versions up to 3.1.6. The vulnerability arises from insufficient escaping of the user-supplied order_id and inadequate pre...
CVE-2024-11912 Traveler <= 3.1.6 - Unauthenticated SQL Injection via order_id
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the ‘order_id’ parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2024-11926
CVE-2024-11926 (Travel Booking WordPress Theme) in Travel Booking WordPress Theme (Traveler) is a capability check bypass vulnerability. The issue arises from missing capability checks on functions: __stPartnerCreateServiceRental, st_delete_order_item, _st_partner_approve_booking, save_order_ite...
CVE-2024-11926 Traveler <= 3.1.6 - Missing Authorization in Several AJAX Actions
The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and 'userDenyEachInfo' functions in all versions up t...
PT-2024-17349 · WordPress · The Travel Booking WordPress Theme
Name of the Vulnerable Software and Affected Versions: Travel Booking WordPress Theme versions up to, and including, 3.1.6 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without permission due to a missing capability check on several...
CVE-2024-54257 WordPress tydskrif theme <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Molefed allows Reflected XSS. This issue affects tydskrif: from n/a through 1.1.3...
CVE-2024-54345 WordPress Bicycleshop theme <= 1.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sonalsinha21 Bicycleshop bicycleshop allows DOM-Based XSS. This issue affects Bicycleshop: from n/a through <= 1.5...
CVE-2024-52480
Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...
CVE-2024-52480
Missing Authorization vulnerability in Astoundify Jobify jobify. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-52480
CVE-2024-52480 is a Missing Authorization (Broken Access Control) vulnerability in Astoundify Jobify - Job Board WordPress Theme, affecting versions up to 4.2.3. Public docs identify unauthenticated access issues but do not provide concrete exploitation details or a confirmed patch in the sources...
CVE-2024-43222 WordPress Sweet Date theme <= 3.7.3 - Privilege Escalation vulnerability
Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation. This issue affects Sweet Date: from n/a through <= 3.7.3...
CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation
Missing Authorization vulnerability in listingthemes Real Estate Directory real-estate-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Directory: from n/a through <= 1.0.5...
CVE-2023-28532 WordPress Real Estate Directory theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation
Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Directory: from n/a through 1.0.5...
PT-2024-35321 · Astoundify · Astoundify Jobify - Job Board WordPress Theme
Name of the Vulnerable Software and Affected Versions: Astoundify Jobify - Job Board WordPress Theme versions prior to 4.2.3 Description: The issue is related to a missing authorization vulnerability in the Astoundify Jobify - Job Board WordPress Theme. Recommendations: For versions prior to 4.2....
CVE-2024-11289
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penciarchivemorepostajaxfunc, pencimorepostajaxfunc, and pencimorefeaturedpostajaxfunc. This makes it possible for unauthenticated attackers to include and...
CVE-2024-10849
The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-10849
CVE-2024-10849 details (NewsMash theme, WordPress): The NewsMash WordPress theme is affected by a stored cross-site scripting (XSS) vulnerability via a malicious display name in all versions up to 1.0.71. Exploitation requires authenticated access at Contributor level or higher, and an attacker ...