2109 matches found
WordPress ThemeMakers Accio One Page Parallax Responsive theme Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. ThemeMakers Accio One Page Parallax Responsive theme is a responsive one page parallax effect website theme plugin used in i...
WordPress Theme Editor plugin <= 2.1 - Multiple vulnerabilities
Multiple vulnerabilities (CSRF, insufficient permission checking, arbitrary file upload) found by WebARX in WordPress Theme Editor plugin versions <= 2.1. Solution: Update the WordPress Theme Editor plugin to the latest available version (at least 2.2)...
EUVD-2015-9246
Directory traversal vulnerability in the mTheme-Unus theme before 2.3 for WordPress allows an attacker to read arbitrary files via a .. (dot dot) in the files parameter to css/css.php...
CVE-2016-11002
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation...
CVE-2016-10997
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php...
CVE-2016-10994
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter...
Pinfinity theme for WordPress cross-site scripting vulnerability
Pinfinity theme for WordPress is a multipurpose theme plugin for WordPress. Pinfinity theme for WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute client-side code...
CVE-2016-10993
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter...
EUVD-2016-1963
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via tdajaxupdatepanel...
CVE-2019-15869
The JobCareer theme before 2.5.1 for WordPress has stored XSS...
CVE-2019-15870
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field...
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection; Google Dork: inurl:"/wp-content/themes/realestate-7/"; Author: m0ze; Vendor Homepage: https://contempothemes.com; Software Link:...
Real Estate 7 < 2.9.1 - Stored XSS & IDOR
The 'Real Estate 7' premium WordPress theme is vulnerable to persistent XSS injection that allows an attacker to inject JavaScript or HTML code into the website front-end. There is also an Insecure Direct Object Reference issue, allowing unauthorized users to edit listings they should not have...
Zoner - Real Estate <= 4.1 - Reflected & Stored XSS
Weak security measures, such as bad filtering of input field data, have been discovered in the 'Zoner - Real Estate WordPress Theme'. PoC (Stored XSS Injection): Register on the demo website and go to the https://zoner.fruitfulcode.com/author/yourlogin/?profile-page=myprofile page. Inside any text field ty...
JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting
Bad filtering of input field data has been discovered in the 'JobCareer | Job Board Responsive WordPress Theme'. PoC: http://jobcareer.chimpgroup.com/candidate/asdasdasdasdasd/ Register a new account on the demo website, http://jobcareer.chimpgroup.com/, then go to the «Resume» profile tab:...
warracres-ok.gov XSS vulnerability
Open Bug Bounty ID: OBB-681445

| Description | Value |
|---|---|
| Affected Website: | warracres-ok.gov |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Proud City Wordpress Theme |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

lucastexas.us XSS vulnerability
Open Bug Bounty ID: OBB-681444

| Description | Value |
|---|---|
| Affected Website: | lucastexas.us |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Proud City Wordpress Theme |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

ketteringoh.org XSS vulnerability
Open Bug Bounty ID: OBB-681443

| Description | Value |
|---|---|
| Affected Website: | ketteringoh.org |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Proud City Wordpress Theme |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

govtransformationexchange.org XSS vulnerability
Open Bug Bounty ID: OBB-681436

| Description | Value |
|---|---|
| Affected Website: | govtransformationexchange.org |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Proud City Wordpress Theme |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv... | |

cityofportorchard.us XSS vulnerability
Open Bug Bounty ID: OBB-681427

| Description | Value |
|---|---|
| Affected Website: | cityofportorchard.us |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Proud City Wordpress Theme |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | ... |