6 matches found
CVE-2024-2233
Affected software/impact: Himer WordPress theme prior to 2.1.1 contains CSRF vulnerabilities in group-management actions (e.g., declining/accepting invitations, leaving a group). The root cause is missing CSRF checks in certain areas, enabling logged-in users to be targeted via CSRF attacks. Vers...
CVE-2024-2235
CVE-2024-2235 concerns the Himer WordPress theme prior to 2.1.1, which lacks CSRF checks in multiple areas, enabling CSRF-based vote manipulation on polls (including restricted ones). Affected product: Himer WordPress theme
CVE-2024-2040
The connected Patchstack entry confirms a CSRF vulnerability in the Himer WordPress theme prior to version 2.1.1, enabling an attacker to cause users to join private groups without authorization. The affected product is the Himer WordPress theme (versions
CVE-2024-2234
CVE-2024-2234 affects the Himer WordPress theme prior to version 2.1.1. The issue arises from insufficient sanitisation and escaping of certain Post settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., Contributors). The vulnerability is tied to the theme’s handling of po...
CVE-2024-2231
CVE-2024-2231 affects the WordPress plugin Himer – Social Questions and Answers (versions prior to 2.1.1). The vulnerability arises from a missing authorization check on a function, allowing any authenticated user to join a private group via an IDOR-like flow. Impact is limited to unauthorized gr...
CVE-2024-2232
CVE-2024-2232 corresponds to the Himer WordPress theme CSRF issue: the lack of CSRF checks allows inviting any user to any group (including private groups). Patchstack notes vulnerable versions are