WordPress Theme Total Security Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress Theme Total 2.1.59 and earlier versions, which stems fro...

$2,751 Bounty Awarded for Arbitrary File Upload Vulnerability Patched in Avada WordPress Theme

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 6th, 2024, during our second Bug Bounty...

CVE-2024-1943

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

WordPress Theme Yuki Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Theme Yuki Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2023-4826

The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting XSS attack...

CVE-2023-4826 Socialdriver < 2024 - Prototype Pollution to XSS

The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting XSS attack...

CVE-2023-4826

The vulnerability CVE-2023-4826 affects the SocialDriver WordPress theme, specifically versions prior to 2024. It is a prototype pollution issue that could allow an attacker to inject arbitrary properties, leading to cross-site scripting (XSS). The root cause is a pollution of object properties i...

WordPress theme Socialdriver security vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in versions prior to WordPress theme Socialdriver 2024, which stems...

Bricks < 1.9.6.1 - Unauthenticated Remote Code Execution

Description The plugin does not prevent unauthenticated visitors from running code on vulnerable sites. Run the following JS on any site using the theme: await fetch"/wp-json/bricks/v1/renderelement", "credentials": "include", "headers": "Content-Type": "application/json" , "body":...

CVE-2024-24926

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...

Deserialization of untrusted data

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...

CVE-2024-24926 WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...

CVE-2024-24926

CVE-2024-24926 describes a deserialization of untrusted data vulnerability in UnitedThemes Brooklyn Theme (WordPress Brooklyn) up to version 4.9.7.6. The connected documents specify a PHP object injection/deserialization flaw as the root cause and list the affected software as the Brooklyn Theme,...

CVE-2024-24927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

CVE-2024-24927

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

CVE-2024-24927 WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through...

PT-2024-20665 · WordPress · Unitedthemes Brooklyn

Name of the Vulnerable Software and Affected Versions: UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme versions through 4.9.7.6 Description: The issue affects the UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme, allowing Reflected XSS due to...

CVE-2023-7194

The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...