2109 matches found
CVE-2023-49827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from...
CVE-2023-49827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from...
CVE-2023-49827
CVE-2023-49827 affects the Soledad WordPress theme (multipurpose/Soledad) up to version 8.4.1, enabling Reflected XSS due to improper input handling in web page generation. The Red Hat and Patchstack entries corroborate the vulnerability and list 8.4.2 as the fixed version. Recommended remediatio...
WordPress Theme Editor Plugin <= 2.7.1 is vulnerable to Arbitrary File Upload
Software Theme Editor Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.8 OWASP Top 10 A4: Insecure Design Classification Arbitrary File Upload CVE CVE-2023-6091 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID e6961ec7faba Credits Dateoljo of BoB 12th Required privilege...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4...
CVE-2023-36529
CVE-2023-36529 affects Favethemes Houzez - Real Estate WordPress Theme (Houzez CRM plugin)
PT-2023-25611 · Favethemes · Favethemes Houzez - Real Estate Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Favethemes Houzez - Real Estate WordPress Theme versions 1.3.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
CVE-2023-3965
The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
CVE-2023-3933 Your Journey <= 1.9.8 - Prototype Pollution to Reflected Cross-Site Scripting
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2023-3962 Winters <= 1.4.3 - Prototype Pollution to Reflected Cross-Site Scripting
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2020-36753
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save metabox data via a forged request...
PT-2023-27038 · WordPress · Winters Theme
Name of the Vulnerable Software and Affected Versions: Winters theme for WordPress versions up to, and including, 1.4.3 Description: The issue is related to Reflected Cross-Site Scripting via prototype pollution due to insufficient input sanitization and output escaping. This allows unauthenticat...
PT-2023-26884 · WordPress · Your Journey
Name of the Vulnerable Software and Affected Versions: The Your Journey theme for WordPress versions up to, and including, 1.9.8 Description: The issue is related to Reflected Cross-Site Scripting via prototype pollution due to insufficient input sanitization and output escaping. This allows...
WordPress Theme Switcha Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)
Software Theme Switcha Type Plugin Vulnerable versions = 3.3 Fixed in 3.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5614 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 14276bf399ef Credits Lana Codes Required privileg...
CVE-2023-41235
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Everest Themes Everest News Pro theme = 1.1.7 versions...
CVE-2023-41872 WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Xtemos WoodMart plugin = 7.2.4 versions...
CVE-2023-2813
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
Laborator Kalium Cross-Site Scripting Vulnerability
Laborator Kalium is a WordPress theme by Laborator. A cross-site scripting vulnerability exists in Laborator Kalium prior to version 3.0.4, which stems from a cross-site scripting XSS vulnerability in the name input field of a Contact Us form, allowing remote attackers to execute arbitrary code...
WordPress Villar Theme <= 1.0.10 is vulnerable to Cross Site Scripting (XSS)
Software Villar Type Theme Vulnerable versions = 1.0.10 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3b4edd361313 Credits Rafie Muhammad Patchstack Required privileg...