CVE-2024-10578
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-10578
CVE-2024-10578 – Pubnews theme (WordPress) has an unauthenticated/arbitrary plugin installation vulnerability through a missing capability check in pubnews_importer_plugin_action_for_notice() across all versions up to 1.0.7. The issue allows authenticated attackers with Subscriber-level access an...
CVE-2024-10578 Pubnews <= 1.0.7 - Authenticated (Subscriber+) Arbitrary Plugin Installation
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-11420
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2024-52478
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Stored XSS. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-52479
Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-52479
Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...
CVE-2024-52478
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...
CVE-2024-52478
CVE-2024-52478 is a Cross-Site Scripting (Stored XSS) vulnerability in the Ben Marshall Jobify – Job Board WordPress Theme, affecting versions up to 4.2.3 (n/a through 4.2.3). The issue arises from improper input neutralization during web page generation. Multiple connected sources explicitly con...
PT-2024-35318 · WordPress · Ben Marshall Jobify - Job Board WordPress Theme
Name of the Vulnerable Software and Affected Versions: Ben Marshall Jobify - Job Board WordPress Theme versions n/a through 4.2.3. Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This mea...
PT-2024-35319 · WordPress · Ben Marshall Jobify - Job Board WordPress Theme
Name of the Vulnerable Software and Affected Versions: Ben Marshall Jobify - Job Board WordPress Theme versions n/a through 4.2.3. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. This means an attacker can trick a user into...
CVE-2024-52481
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify jobify allows Relative Path Traversal. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-52481
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal. This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3...
CVE-2024-52481 WordPress Jobify theme < 4.3.0 - Unauthenticated Arbitrary File Read vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify jobify allows Relative Path Traversal. This issue affects Jobify: from n/a through 4.3.0...
CVE-2024-52481
CVE-2024-52481 affects Astoundify Jobify (WordPress Theme) up to 4.2.3. It is described as an improper pathname limitation leading to path traversal, enabling unauthenticated access to read files (unauthenticated arbitrary file read). The entry is supported by multiple connected sources noting an...
PT-2024-35322 · Astoundify · Astoundify Jobify - Job Board WordPress Theme
Name of the Vulnerable Software and Affected Versions: Astoundify Jobify - Job Board WordPress Theme versions through 4.2.3. Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This allows Relative Path...
WordPress Theme Builder For Elementor plugin <= 1.2.2 - Authenticated (Contributor+) Post Disclosure vulnerability
Authenticated (Contributor+) Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Theme Builder For Elementor versions <= 1.2.2...
WordPress ForumEngine theme <= 1.8 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by rajanhoyr in WordPress Theme ForumEngine versions <= 1.8...
WordPress Theme Builder For Elementor Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: Theme Builder For Elementor; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Access Control; CVE: CVE-2024-10782; Patch priority: Low; CVSS severity: Low (4.3); PSID: 266b574a3c97...
WordPress AccessPress Staple theme <= 1.9.1 - Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability
Authenticated Arbitrary Plugin Activation/Deactivation to RCE vulnerability discovered by Mika Patchstack Alliance in WordPress Theme AccessPress Staple versions <= 1.9.1...