3 matches found
CVE-2025-0837
CVE-2025-0837 : Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via shortcodes in versions up to and including 4.2.4 due to insufficient input sanitization and output escaping on user-supplied attributes. The issue can be exploited by authenticated attackers with at...
CVE-2024-13770
The CVE-2024-13770 entry concerns the Puzzles | WP Magazine / Review with Store WordPress Theme + RTL (WordPress) vulnerable to unauthenticated PHP Object Injection in all versions up to 4.2.4 via deserialization of input in the view_more_posts AJAX action. The impact is contingent on a POP chain...
CVE-2024-13769
CVE-2024-13769 – Puzzles theme (WP Magazine / Review with Store WordPress Theme + RTL) Vulnerability: Stored Cross-Site Scripting due to a missing capability check on the theme_options_ajax_post_action AJAX action. Affected versions: all versions up to and including 4.2.4. Impact: Authenticated a...