4 matches found
CVE-2024-4939
CVE-2024-4939 | Weaver Xtreme Theme Support (WordPress) is affected by a Stored XSS via the div shortcode in all versions up to 6.4. The issue allows authenticated attackers with contributor-level access and above to inject scripts that execute when users load the affected pages. The vulnerabilit...
CVE-2023-0276
The CVE concerns the Weaver Xtreme Theme Support WordPress plugin prior to 6.2.7, where certain shortcode attributes are not validated or escaped before being echoed into pages/posts. This leads to a Stored Cross-Site Scripting (Stored XSS) risk when a user with the contributor role (or higher) e...
CVE-2023-4971
CVE-2023-4971 affects the WordPress plugin Weaver Xtreme Theme Support prior to version 6.3.1. The root cause is unserialising the contents of an imported file, which could enable PHP object injection when a high-privilege user imports a malicious file and a suitable gadget chain is present on th...
CVE-2023-6990
CVE-2023-6990 affects Weaver Xtreme for WordPress (versions ≤ 6.3.0). It is a stored XSS via custom post meta (page-head-code) caused by insufficient input sanitization and output escaping. Authenticated users with contributor-level+ can inject scripts that execute when pages are viewed. The issu...