CVE-2023-36529
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.
Ver mais

CVE-2023-3933
The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Ver mais

CVE-2023-3962
The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Ver mais

CVE-2023-3965
The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Ver mais

CVE-2020-36755
The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Ver mais

CVE-2020-36753
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Ver mais

CVE-2023-2813
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.
Ver mais

CVE-2023-3708
Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Ver mais

CVE-2023-29430
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions.
Ver mais

CVE-2023-28418
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <= 1.3.0 versions.
Ver mais

CVE-2023-32239
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.
Ver mais

CVE-2023-28171
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.
Ver mais

CVE-2023-27420
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions.
Ver mais

CVE-2020-36704
The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Ver mais

CVE-2020-36708
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.
Ver mais

CVE-2020-36711
The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Ver mais

CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options.
Ver mais

CVE-2023-25447
Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions.
Ver mais

CVE-2023-29101
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions.
Ver mais

CVE-2023-27419
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions.
Ver mais

CVE-2023-28493
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.
Ver mais

CVE-2023-25961
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.
Ver mais

CVE-2023-27619
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.
Ver mais

CVE-2022-45849
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
Ver mais

CVE-2022-45358
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
Ver mais

CVE-2023-25041
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.
Ver mais

CVE-2023-29236
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions.
Ver mais

CVE-2022-47146
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions.
Ver mais

CVE-2022-0316
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
Ver mais

CVE-2022-45353
Broken Access Control in Betheme theme <= 26.6.1 on WordPress.
Ver mais

CVE-2022-4114
The Superio WordPress theme does not sanitise and escape some parameters, which could allow users with a role as low as a subscriber to perform Cross-Site Scripting attacks.
Ver mais

CVE-2022-4239
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreap_addons_service_remove action, allowing any user to delete any post by knowing or guessing the id.
Ver mais

CVE-2022-3921
The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE
Ver mais

CVE-2022-3846
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.
Ver mais

CVE-2022-45363
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress.
Ver mais

CVE-2022-3861
The Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..
Ver mais

CVE-2022-3401
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability (CVE-2022-3400), makes it possible for authenticated attackers with minimal permissions, such as a subscriber, can edit any page, post, or template on the vulnerable WordPress website and inject a code execution block that can be used to achieve remote code execution.
Ver mais

CVE-2022-3400
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website.
Ver mais

CVE-2022-1323
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.
Ver mais

CVE-2022-1167
There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.
Ver mais

CVE-2022-1170
In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.
Ver mais

CVE-2020-36510
The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting
Ver mais

CVE-2021-24840
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a result, private and scheduled posts could be retrieved via a crafted request.
Ver mais

CVE-2021-24719
The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder.
Ver mais

CVE-2021-24499
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
Ver mais

CVE-2021-24304
The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Ver mais

CVE-2021-3135
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call.
Ver mais

CVE-2021-24387
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context
Ver mais

Workreap - CVE-2021-24500
Múltiplos scripts transversais (CSRF) + Referências de objeto direto inseguro (IDOR) descobertas por Harald Eilertsen (Jetpack) no Tema Premium WordPress Workreap (versões <= 2.2.1).
Ver mais

Workreap - CVE-2021-24501
Verificações de autorização ausentes na vulnerabilidade AJAX Ações descobertas por Harald Eilertsen (Jetpack) no Tema Premium do WorkRop WorkReap (versões <= 2.2.1).
Ver mais

CVE-2013-20002
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.
Ver mais

Jannah - CVE-2021-24407
Refletiu a vulnerabilidade de scripts transversais (XSS) descoberta por Truoc Phan no WordPress Jannah Premium tema (versões <= 5.4.4).
Ver mais

FoodBakery - CVE-2021-24389
Vulnerabilidade refletida do script (XSS) descoberta por Truoc Phan no tema do WordPress Foodbakery Premium (versões <= 2.1).
Ver mais

FoodPicky - FLL-E92CB555
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por m0ze no tema do WordPress FoodPicky Premium (versões <= 1,27).
Ver mais

Kupon - FLL-1BC1E891
Não autenticado refletiu a vulnerabilidade de scripts de local (XSS) descoberta por m0ze no tema WordPress Kupon Premium (versões <= 1,27).
Ver mais

Doo - FLL-2F9A593F
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por m0ze no tema do WordPress Doo Premium (versões <= 1,25).
Ver mais

Muza - FLL-64F391C5
Não autenticado refletiu a vulnerabilidade do script (XSS) descoberta por m0ze no tema do WordPress Muza Premium (versões <= 1,26).
Ver mais

Strong - FLL-5A98EAA3
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por m0ze no tema premium forte WordPress (versões <= 1,25).
Ver mais

Medican - FLL-26B281A5
Não autenticada refletiu a vulnerabilidade de scripts de local (XSS) descoberta por m0ze no tema do WordPress Medican Premium (versões <= 1,27).
Ver mais

Wisem - FLL-A2B95333
Não autenticado refletiu a vulnerabilidade do script (XSS) descoberta por m0ze no tema Premium WordPress Wisem (versões <= 1,26).
Ver mais

Loocall - FLL-89298926
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por m0ze no tema do WordPress Loocall Premium (versões <= 1,23).
Ver mais

Motor - CVE-2021-24375
Vulnerabilidade de inclusão de arquivos locais não autenticados (LFI) descoberta por Harald Eilertsen (Jetpack) no tema do WordPress Motor Premium (versões <= 3.0).
Ver mais

Jannah - CVE-2021-24364
Refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por Truoc Phan no tema do WordPress Jannah Premium (versões <= 5.4.3).
Ver mais

Real Estate 7 - FLL-B358C82F
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por M0ZE (Patchstack Red Team) no Tema Premium do WordPress Real Estate 7 (versões <= 3.1.0). Parâmetro vulnerável: "& ct_community =".
Ver mais

CVE-2021-24335
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue
Ver mais

CVE-2021-24317
The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues
Ver mais

CVE-2021-24321
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues
Ver mais

CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue
Ver mais

CVE-2021-24318
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.
Ver mais

JNews - CVE-2021-24342
Refletiu a vulnerabilidade de scripts transversais (XSS) descoberta por Truoc Phan no Tema Premium do WordPress Jnews (versões <= 8.0.5).
Ver mais

CVE-2021-24297
The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Ver mais

CVE-2021-24314
The Goto WordPress theme before 2.1 did not sanitise, validate of escape the keywords GET parameter from its listing page before using it in a SQL statement, leading to an Unauthenticated SQL injection issue
Ver mais

Goto - FLL-DDD2FD08
Vulnerabilidade não autenticada do SQL Injection (SQLI) descoberta por M0ZE (Patchstack Red Team) no tema WordPress Goto Premium (versões <= 2.0).
Ver mais

CVE-2021-24235
The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
Ver mais

CVE-2021-24220
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code.
Ver mais

Bello - Directory & Listing - FLL-4E3B8000
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por M0ZE WordPress Bello - Diretório e listando tema premium (versões <= 1.5.7).
Ver mais

Bello - Directory & Listing - FLL-CC85B009
Vulnerabilidade não autenticada do SQL Injection (SQLI) descoberta por m0ze no WordPress Bello - Diretório e listando tema premium (versões <= 1.5.7).
Ver mais

Goto - FLL-E3512162
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por m0ze (Patchstack Red Team) no WordPress WordPress Goto Tema Premium (versões <= 1,9).
Ver mais

Findeo - FLL-3D63284B
Não autenticado refletiu a vulnerabilidade de scripts de localização cruzada (XSS) descoberta por M0ZE (Patchstack Red Team) no Tema Premium do WordPress FAdeo (versões <= 1.2.6).
Ver mais

Findeo - FLL-BC6FFE1E
Referências de objeto direto inseguro autenticado (IDOR) descoberta por M0ZE (Patchstack Red Team) no Tema Premium do WordPress FAdeo (versões <= 1.2.6).
Ver mais

WorkScout - FLL-8C7C690F
Vulnerabilidade de script (xss) cruzados descoberta por m0ze (Patchstack Red Team) no Workpress Workscout Premium Theme (versões <= 2.0.31).
Ver mais

WorkScout - FLL-B2FEE1AD
Vulnerabilidade de scripts de quadros transversais (XFS) descoberta por m0ze (Patchstack Red Team) no Workpress Workscout Premium Theme (versões <= 2.0.31).
Ver mais

Listeo - FLL-B929B399
Vulnerabilidades de scripts transversais persistidas múltiplas autenticadas (XSS) descobertas no tema WordPress Listeo Premium (versões <= 1.6.07).
Ver mais

Listeo - FLL-EE3AB008
Não autenticado refletiu a vulnerabilidade de scripts (XSS) descoberta por M0ZE (Patchstack Red Team) no tema do WordPress Listeo Premium (versões <= 1.6.07).
Ver mais

Listeo - FLL-223516E5
Vulnerabilidades de Referências de Objeto Direto Inseguro Múltiplas (IDOR) Descobridas pela M0ZE (Patchstack Red Team) no tema WordPress Listeo Premium (versões <= 1.6.07).
Ver mais

Ignition by Thrive Themes - FLL-068B29B2
Upload de arquivo arbitrário não autenticado e exclusão da opção descoberta pelo Wordfence no tema Premium do WordPress Ignition (versões <= 1,59).
Ver mais

Rise by Thrive Themes - FLL-A6F40438
O upload de arquivo arbitrário não autenticado e a exclusão da opção descobertos pelo WordFence no WordPress aumentam o tema Premium (versões <= 1,98).
Ver mais

Storied by Thrive Themes - FLL-3FCFF03D
Upload de arquivo arbitrário não autenticado e exclusão de opções descobertas pelo WordFence no tema Premium WordPress Storied (versões <= 1,97).
Ver mais

Luxe by Thrive Themes - FLL-511C0B1D
Upload de arquivo arbitrário não autenticado e exclusão de opções descobertas pelo WordFence no tema do WordPress Luxe Premium (versões <= 1,32).
Ver mais

Minus by Thrive Themes - FLL-A20ED6CF
Upload de arquivo arbitrário não autenticado e eliminação de opções descobertas pelo Wordfence no WordPress Minus Premium Theme (versões <= 1,97).
Ver mais

Performag by Thrive Themes - FLL-6459ADC0
Upload de arquivo arbitrário não autenticado e exclusão de opções descobertas pelo WordFence no Tema Premium do WordPress Performag (versões <= 1.200.9).
Ver mais

Pressive by Thrive Themes - FLL-90A31479
Upload de arquivo arbitrário não autenticado e exclusão de opções descobertas pelo Wordfence no tema Premium WordPress pressive (versões <= 1,97).
Ver mais

Focusblog by Thrive Themes - FLL-28B7E80D
Upload de arquivo arbitrário não autenticado e eliminação de opções descobertas pelo WordFence no WordPress FocusBlog Tema Premium (versões <= 1,97).
Ver mais

Squared by Thrive Themes - FLL-5E9C61CF
Upload de arquivo arbitrário não autenticado e exclusão da opção descoberta pelo WordFence no tema premium do WordPress Squared (versões <= 1,38).
Ver mais

Voice by Thrive Themes - FLL-BD501EB8
Upload de arquivo arbitrário não autenticado e exclusão de opções descobertas pelo WordFence no tema do WordPress Voice Premium (versões <= 1,33).
Ver mais

Bello - Directory & Listing - CVE-2021-24320
Não-autenticado refletiu a vulnerabilidade de scripts (XSS) descoberta por M0ZE (Patchstack Red Team) no WordPress Bello - Diretório e listando tema premium (versões <= 1.5.9).
Ver mais

Mediumish - CVE-2021-24316
Não autenticada refletiu a vulnerabilidade do script (xss) descoberta por m0ze no tema do WordPress Médio Premium (versões <= 1.0.47).
Ver mais

Fruitful - FLL-F1C877E0
Opções de tema autenticadas Vulnerabilidade de exclusão descoberta pelo Nintechnet no Tema Frutpress do WordPress (versões <= 3.8.1).
Ver mais

Wyzi - FLL-73506D21
Vulnerabilidade de scripts (XSS) transversais encontradas por Daniel Ruf no tema Premium WordPress Wyzi (versões <= 2.4.2).
Ver mais

EasyBook - CVE-2019-20211
Vulnerabilidade persistente de scripts (XSS) descoberta por m0ze no tema Premium do WordPress EasyBook (versões <= 1.2.1).
Ver mais