Lucene search
+L
WeaverthemeWeaver Xtreme Theme Support

4 matches found

CVE
CVE
added 2024/06/05 7:34 a.m.53 views

CVE-2024-4939

CVE-2024-4939 | Weaver Xtreme Theme Support (WordPress) is affected by a Stored XSS via the div shortcode in all versions up to 6.4. The issue allows authenticated attackers with contributor-level access and above to inject scripts that execute when users load the affected pages. The vulnerabilit...

6.4CVSS5.5AI score0.00273EPSS
CVE
CVE
added 2023/04/24 6:30 p.m.50 views

CVE-2023-0276

The CVE concerns the Weaver Xtreme Theme Support WordPress plugin prior to 6.2.7, where certain shortcode attributes are not validated or escaped before being echoed into pages/posts. This leads to a Stored Cross-Site Scripting (Stored XSS) risk when a user with the contributor role (or higher) e...

5.4CVSS5.3AI score0.00471EPSS
CVE
CVE
added 2023/10/16 7:38 p.m.44 views

CVE-2023-4971

CVE-2023-4971 affects the WordPress plugin Weaver Xtreme Theme Support prior to version 6.3.1. The root cause is unserialising the contents of an imported file, which could enable PHP object injection when a high-privilege user imports a malicious file and a suitable gadget chain is present on th...

7.2CVSS6.9AI score0.00976EPSS
CVE
CVE
added 2024/01/11 8:32 a.m.38 views

CVE-2023-6990

CVE-2023-6990 affects Weaver Xtreme for WordPress (versions ≤ 6.3.0). It is a stored XSS via custom post meta (page-head-code) caused by insufficient input sanitization and output escaping. Authenticated users with contributor-level+ can inject scripts that execute when pages are viewed. The issu...

5.4CVSS5.2AI score0.00315EPSS