CVE-2024-10673 Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation
The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the topstoreinstallandactivatecallback function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-9775
The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist, insufficient input sanitization, and output escaping. This makes it possible for authenticated...
WordPress WPLMS theme <= 4.962 - Unauthenticated Arbitrary File Read and Deletion vulnerability
Unauthenticated Arbitrary File Read and Deletion vulnerability discovered by Foxyyy in WordPress Theme WPLMS versions <= 4.962...
Exploit for CVE-2024-10470
CVE-2024-10470 WPLMS Learning Management System for WordPress...
CVE-2024-51682
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor ht-builder allows Stored XSS. This issue affects HT Builder – WordPress Theme Builder for Elementor: from n/a through <= 1.3.0...
WordPress HT Builder – WordPress Theme Builder for Elementor Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: HT Builder – WordPress Theme Builder for Elementor | Type: Plugin | Vulnerable versions: <= 1.3.0 | Fixed in: 1.3.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-51682 | Patch priority: Low | CVSS severity: Low 6.5 | PSID: 0f85ba0467c8 | Credits: Gab...
WordPress Clean Retina theme <= 3.0.6 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by tahu.datar (Patchstack Alliance) in WordPress Theme Clean Retina versions <= 3.0.6...
CVE-2024-10250
CVE-2024-10250 affects Nioland theme for WordPress (versions
WordPress Digitally theme <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme Digitally versions <= 1.0.8...
WordPress my flatonica theme <= 0.0.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by justakazh (Patchstack Alliance) in WordPress Theme my flatonica versions <= 0.0.8...
WordPress disconnected Theme <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: disconnected | Type: Theme | Vulnerable versions: <= 1.3.0 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-49268 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 8595c00a71d4 | Credits: justakazh | Required privilege...
CVE-2024-7433
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2023-3410
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder...
PT-2024-12467 · WordPress · Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.10.1 Description: The issue is related to Stored Cross-Site Scripting via the customTag attribute due to insufficient input sanitization and output escaping. This allows...
CVE-2024-5867
The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5870
The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-5789
The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
CVE-2024-5869 Neighborly <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode
The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2024-5884
CVE-2024-5884 affects the Beauty WordPress theme (versions
PT-2024-37155 · WordPress · Triton Lite
Name of the Vulnerable Software and Affected Versions: Triton Lite theme for WordPress versions up to, and including, 1.3 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the theme's Button shortcode due to insufficient input sanitization and output...