2109 matches found
WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Travel Monster versions <= 1.1.2...
WordPress Striking theme <= 2.3.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme Striking versions <= 2.3.4...
WordPress theme Anima cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blogs on PHP and MySQL servers. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Anima version 1.4.1 and prior versions, which stems...
CVE-2024-5451
CVE-2024-5451 : The7 WordPress theme is vulnerable to a Stored Cross-Site Scripting (XSS) via the url attribute in the Icon and Heading widgets, affecting all versions up to and including 11.13.0. Exploitation requires authentication at contributor level or higher, enabling injection of scripts t...
CVE-2024-5966
The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
Malicious code in wordpress-theme-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 11ba6949abd5e27add3ceeb9c4709ae17be63d4831af09c7f34ca236d3b06b8e The OpenSSF Package Analysis project identified 'wordpress-theme-core' @ 0.0.123 npm as malicious. It is considered malicious because: - The...
MAL-2024-1648 Malicious code in wordpress-theme-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 11ba6949abd5e27add3ceeb9c4709ae17be63d4831af09c7f34ca236d3b06b8e The OpenSSF Package Analysis project identified 'wordpress-theme-core' @ 0.0.123 npm as malicious. It is considered malicious because: - The...
WordPress theme Flatsome Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress theme Materialis security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Hueman versions <= 3.7.24...
PT-2024-27893 · WordPress · Newspaper Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Newspaper theme for WordPress versions up to, and including, 12.6.5 Description: The issue is related to Stored Cross-Site Scripting via attachment meta in the archive page due to insufficient input sanitization and output escaping on user...
WordPress Theme CAS security vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme CAS 1.0.0 and earlier versions, which stems from the...
WordPress theme Porto security vulnerability
WordPress is a suite of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Porto version 7.1.0 and earlier...
WordPress Theme Porto security vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Porto version 3.0.9 and earlier versions...
CVE-2024-3747 Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2024-28815 · WordPress · Virtue
Name of the Vulnerable Software and Affected Versions: Virtue theme for WordPress versions up to, and including, 3.4.8 Description: The issue is related to Stored Cross-Site Scripting via a Post Author's name due to insufficient input sanitization and output escaping when the latest posts feature...
WordPress Althea WP theme <= 1.0.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme Althea WP versions <= 1.0.13...
WordPress theme Teluro cross-site request forgery vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blogs on PHP and MySQL servers. WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Teluro version 1.0.31 and earlier versions. A...
WordPress XStore theme <= 9.3.8 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Theme XStore versions <= 9.3.8...
CVE-2024-32525 WordPress Theme My Login plugin <= 7.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in Theme My Login. This issue affects Theme My Login: from n/a through 7.1.6...