EUVD-2024-32435
The archive-tainacan-collection theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in version 2.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...
Spa and Salon < 1.2.8 - Cross-Site Request Forgery to Notice Dismissal
Description The Spa and Salon theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the spaandsalonupdateadminnotice function. This makes it possible for unauthenticated attackers to dismiss...
WordPress GuCherry Blog theme <= 1.1.8 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Theme GuCherry Blog versions <= 1.1.8...
WordPress Theme My Login Plugin <= 7.1.6 is vulnerable to Broken Access Control
Software: Theme My Login. Type: Plugin. Vulnerable versions: <= 7.1.6. Fixed in: 7.1.7. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2024-32525. Patch priority: Medium. CVSS severity: Medium 4.3. PSID: 11dbddbd2e7f. Credits: Abdi Pranata. Required...
WordPress NewsXpress theme <= 1.0.7 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme NewsXpress versions <= 1.0.7...
WordPress The Conference theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme The Conference versions <= 1.2.0...
WordPress CityLogic theme <= 1.1.29 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme CityLogic versions <= 1.1.29...
WordPress i-excel theme <= 1.7.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das (Patchstack Alliance) in WordPress Theme i-excel versions <= 1.7.9...
PT-2024-24033 · WordPress +11 · Sensible Wp +14
Name of the Vulnerable Software and Affected Versions: X-T9 versions 1.19.0 and earlier Lightning versions 15.18.0 and earlier Default Mag versions 1.3.5 and earlier Namaha versions 1.0.40 and earlier CityLogic versions 1.1.29 and earlier i-max versions 1.6.2 and earlier Emmet Lite versions 1.7.5...
CVE-2024-31369
Cross-Site Request Forgery (CSRF) vulnerability in PenciDesign Soledad. This issue affects Soledad: from n/a through 8.4.2...
PT-2024-19869 · Themefusion · Avada
Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6 Description: The issue allows authenticated attackers with editor-level access and above to perform SQL Injection via the entry parameter due to insufficient escaping on the...
WordPress Theme Newsmatic Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Newsmatic 1.3.0 and earlier versions, which stems...
CVE-2024-2962 Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization
The Networker - Tech News WordPress Theme with Dark Mode theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the adminreloadnavmenu function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to...
WordPress Theme Networker Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Networker 1.1.9 and earlier versions, which stems...
CVE-2023-6091 WordPress Theme Editor plugin <= 2.7.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor. This issue affects Theme Editor: from n/a through 2.7.1...
Newsmatic < 1.3.5 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content
Description The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmatic_filter_posts_load_tab_content'. This makes it possible for unauthenticated attackers to view draft posts and post content...
WordPress Theme ColorMag Security Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme ColorMag 3.1.6 and earlier versions, which stems...
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks. "These attacks are orchestrated from domains less than ...
CVE-2024-1771
The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...