Himer Security Vulnerabilities and Issues — Himer CVE List

Lucene search

2codeHimer

5 matches found

CVE•added 2024/07/03 6:15 a.m.•54 views

CVE-2024-2233

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group

6.3CVSS4.5AI score0.00047EPSS

CVE•added 2024/07/03 6:15 a.m.•51 views

CVE-2024-2040

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack

6.3CVSS4.6AI score0.00045EPSS

CVE•added 2024/07/03 6:15 a.m.•50 views

CVE-2024-2235

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack

6.3CVSS4.5AI score0.00047EPSS

CVE•added 2024/07/03 6:15 a.m.•49 views

CVE-2024-2231

The allows any authenticated user to join a private group due to a missing authorization check on a function

6.5CVSS6.4AI score0.00301EPSS

CVE•added 2024/07/03 6:15 a.m.•49 views

CVE-2024-2234

The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks

6.3CVSS5.1AI score0.00069EPSS