PT-2024-37768 · WordPress · Mdx Theme

Name of the Vulnerable Software and Affected Versions: MDx theme for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'mdx list item' shortcode due to insufficient input sanitization and output escaping on user-suppli...

WordPress theme MDx 安全漏洞

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme MDx version 2.0.3 and earlier versions,...

CVE-2024-7560 News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection

The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

PT-2024-38024 · WordPress +1 · Orchid Store +1

Name of the Vulnerable Software and Affected Versions: Orchid Store theme for WordPress versions up to, and including, 1.5.6 Description: The issue is related to a missing capability check on the orchid store activate plugin function, allowing authenticated attackers with Subscriber-level access...

PT-2024-38420 · WordPress · The News Flash

Name of the Vulnerable Software and Affected Versions: The News Flash theme for WordPress versions up to, and including, 1.1.0 Description: The issue allows authenticated attackers with Editor-level access and above to inject a PHP Object via deserialization of untrusted input from the newsflash...

WordPress Zenon Lite theme <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Zenon Lite versions = 1.9...

WordPress SociallyViral theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme SociallyViral versions = 1.0.10...

WordPress BookYourTravel theme <= 8.18.17 - Subscriber+ Privilege Escalation vulnerability

Subscriber+ Privilege Escalation vulnerability discovered by Dave Jong Patchstack in WordPress Theme BookYourTravel versions = 8.18.17...

WordPress Rara Business theme <= 1.2.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Rara Business versions = 1.2.5...

WordPress Rife Free theme <= 2.4.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Rife Free versions = 2.4.18...

CVE-2024-2233

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...

CVE-2024-2234

The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...

CVE-2024-2040

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...

CVE-2024-2040

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...

CVE-2024-2040

The connected Patchstack entry confirms a CSRF vulnerability in WordPress theme Himer prior to version 2.1.1, enabling an attacker to cause users to join private groups without authorization. The affected product is the Himer WordPress theme (versions

WordPress theme Himer Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Himer versions prior t...

PT-2024-19355 · WordPress · Himer

Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to manipulate users into voting on polls they do not have access to through a CSRF attack...

WordPress Trendy News theme <= 1.0.15 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Trendy News versions = 1.0.15...

CVE-2024-5788

The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

WordPress Theron Lite theme <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Theron Lite versions = 2.0...