Big Store Security Vulnerabilities - November

CVE-2022-38057

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.

CVE-2022-40218

Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4.

CVE-2023-27431

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions.

CVE-2024-44049

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7.

CVE-2024-8434

The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level...