Woodmart Security Vulnerabilities and Issues — Woodmart CVE List

Lucene search

XtemosWoodmart

11 matches found

CVE•added 2024/04/24 4:15 p.m.•136 views

CVE-2023-25790

Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4.

5.3CVSS6.2AI score0.00103EPSS

CVE•added 2024/12/12 9:15 a.m.•80 views

CVE-2024-12333

The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query ...

6.5CVSS6.8AI score0.00319EPSS

CVE•added 2023/06/22 1:15 p.m.•44 views

CVE-2023-32239

Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.

5.4CVSS5.2AI score0.00115EPSS

CVE•added 2025/01/02 3:15 p.m.•40 views

CVE-2023-32240

Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.

5.4CVSS7AI score0.0007EPSS

CVE•added 2023/09/25 2:15 a.m.•40 views

CVE-2023-41872

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.

7.1CVSS6AI score0.00083EPSS

CVE•added 2023/12/21 1:15 p.m.•30 views

CVE-2023-32242

Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme.This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36.

9.8CVSS9.6AI score0.00735EPSS

CVE•added 2023/11/09 11:15 p.m.•27 views

CVE-2023-32500

Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.

8.8CVSS8.9AI score0.00096EPSS

CVE•added 2025/07/08 7:15 a.m.•15 views

CVE-2025-6743

The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated at...

6.4CVSS5.6AI score0.00029EPSS

CVE•added 2025/07/08 7:15 a.m.•14 views

CVE-2025-6746

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, all...

8.8CVSS7.3AI score0.00087EPSS

CVE•added 2025/07/08 10:15 a.m.•13 views

CVE-2025-6744

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_get_products_shor...

7.3CVSS7.3AI score0.00191EPSS

CVE•added 2025/07/11 8:15 a.m.•7 views

CVE-2025-6745

The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data fr...

5.3CVSS6.7AI score0.0005EPSS