2104 matches found
CVE-2025-11522
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the searchandgoelatedcheckfacebookuser function This makes it possible for...
CVE-2025-9371
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagetitle’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
CVE-2025-9371
CVE-2025-9371 corresponds to Betheme (WordPress) with a Stored XSS via the page_title parameter. Affected versions are up to 28.1.6; PT-security notes 28.1.7+ as the fix, and Patchstack confirms Authenticated (Contributor+) Stored Cross-Site Scripting via page_title with Betheme
CVE-2025-9371 Betheme <= 28.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'page_title'
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagetitle’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
EUVD-2025-33331
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagetitle’ parameter in all versions up to, and including, 28.1.6 due to insufficient input sanitization and output escaping of theme breadcrumbs. This makes it possible for authenticated attackers, with...
CVE-2025-11522
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the searchandgoelatedcheckfacebookuser function This makes it possible for...
CVE-2025-11522 Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the searchandgoelatedcheckfacebookuser function This makes it possible for...
CVE-2025-11522 Search & Go - Directory WordPress Theme <= 2.7 - Authentication Bypass to Privilege Escalation via Account Takeover
The Search & Go - Directory WordPress Theme theme for WordPress is vulnerable to Authentication Bypass via account takeover in all versions up to, and including, 2.7. This is due to insufficient user validation in the searchandgoelatedcheckfacebookuser function This makes it possible for...
CVE-2025-11522
CVE-2025-11522 is a high-severity vulnerability in the WordPress theme/plugin “Search & Go – Directory WordPress Theme” up to version 2.7. The root cause is insufficient validation in the search_and_go_elated_check_facebook_user() function, enabling an unauthenticated attacker to bypass authentic...
CVE-2025-6038 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...
CVE-2025-6038 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation
The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...
PT-2025-41360
Name of the Vulnerable Software and Affected Versions Search & Go - Directory WordPress Theme versions prior to 2.7 Description The Search & Go - Directory WordPress Theme is susceptible to authentication bypass, potentially leading to account takeover. This occurs due to inadequate user validati...
WordPress xSmart theme <= 1.2.9.4 - Content Injection vulnerability
Content Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme xSmart versions = 1.2.9.4...
EUVD-2015-9322
Malware in sbrugna...
EUVD-2015-9313
Malware in sbrugna...
EUVD-2015-9344
Malware in sbrugna...
EUVD-2021-11412
Malware in sbrugna...
EUVD-2021-11413
Malware in sbrugna...
EUVD-2013-0307
Malware in sbrugna...
EUVD-2015-9342
Malware in sbrugna...