WordPress Theme WPLMS 跨站请求伪造漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress Theme WPLMS. No information about this...

VulnCheck KEV: CVE-2023-36529

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4...

WordPress Workreap 2.2.2 Shell Upload Exploit

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author: Mohammad Hossei...

WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution

Exploit Title: WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution Dork: inurl:/wp-content/themes/workreap/ Date: 2023-06-01 Category : Webapps Vendor Homepage: https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454 Exploit Author...

CVE-2020-36711

The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the updatelayout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web...

Cross site scripting

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitfulthemeoptionsaction AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2020-36723 ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

WordPress theme Epsilon Framework 代码注入漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A code injection vulnerability exists in WordPress theme Epsilon Framework, which stems from...

WordPress Theme Fruitful 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Fruitful version 3.8.1 and prior...

CVE-2023-23713 WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Manoj Thulasidas Theme Tweaker plugin = 5.20 versions...

CVE-2023-27419 WordPress Viable blog Theme <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Everest themes Viable Blog theme = 1.1.4 versions...

WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting

On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...

CVE-2022-47146

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Contempoinc Real Estate 7 WordPress theme = 3.3.1 versions...

CVE-2022-47146

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Contempoinc Real Estate 7 WordPress theme = 3.3.1 versions...

CVE-2022-47146

CVE-2022-47146 affects the Contempoinc Real Estate 7 WordPress theme (versions

CVE-2022-47146 WordPress Real Estate 7 Theme <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Contempoinc Real Estate 7 WordPress theme = 3.3.1 versions...

WordPress theme Real Estate 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Real Estate 7 version 3.3.1 an...

PT-2023-15192 · WordPress · Contempoinc Real Estate 7

Name of the Vulnerable Software and Affected Versions: Contempoinc Real Estate 7 WordPress theme versions 3.3.1 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This vulnerability allows for the execution of malicious scripts on the...

WordPress Theme Tweaker Plugin <= 5.20 is vulnerable to Cross Site Request Forgery (CSRF)

Software Theme Tweaker Type Plugin Vulnerable versions = 5.20 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23713 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6e1a4c281d2a Credits Mika Required privilege...

CVE-2022-0316

The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from...