{"CVE_ID":"CVE-2025-8143","slug":"soledad","versionImpact":"8.6.7","versionEndExcluding":"8.6.8","description":"The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018pcsml_smartlists_h\u2019 parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398#item-description__update-changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398#item-description__update-changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8852d39-e34a-45d3-aee8-1ccbfc0ab238?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e8852d39-e34a-45d3-aee8-1ccbfc0ab238?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8142","slug":"soledad","versionImpact":"8.6.7","versionEndExcluding":"8.6.8","description":"The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.6.7 via the 'header_layout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.","recommendation":"Update to version 8.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398#item-description__update-changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398#item-description__update-changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dea9b4a-d7a5-4ea7-b55f-b42f8f5c4a91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7dea9b4a-d7a5-4ea7-b55f-b42f8f5c4a91?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8105","slug":"soledad","versionImpact":"8.6.7","versionEndExcluding":"8.6.8","description":"The Soledad theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.6.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 8.6.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398#item-description__update-changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398#item-description__update-changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6c842bb-914a-47c1-aaac-e748f58e12ef?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a6c842bb-914a-47c1-aaac-e748f58e12ef?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11289","slug":"soledad","versionImpact":"8.5.9","versionEndExcluding":"8.6.0","description":"The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows.","recommendation":"Update to version 8.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/soledad-multiconcept-blogmagazine-wp-theme\\\/12945398\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/927674db-05f1-4f3b-8297-8a907955ea87?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/927674db-05f1-4f3b-8297-8a907955ea87?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49826","slug":"soledad","versionImpact":"","versionEndExcluding":"8.4.2","description":"Deserialization of Untrusted Data vulnerability in PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n\/a through 8.4.1.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/soledad\\\/wordpress-soledad-theme-8-4-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/soledad\\\/wordpress-soledad-theme-8-4-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49825","slug":"soledad","versionImpact":"","versionEndExcluding":"8.4.2","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n\/a through 8.4.1.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/soledad\\\/wordpress-soledad-theme-8-4-1-contributor-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/soledad\\\/wordpress-soledad-theme-8-4-1-contributor-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8097","slug":"woodmart","versionImpact":"8.2.6","versionEndExcluding":"8.2.7","description":"The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unauthenticated attackers to manipulate cart quantities using fractional values, allowing them to obtain products for free by setting extremely small quantities (e.g., 0.00001) that round cart totals to $0.00, effectively bypassing payment requirements and allowing unauthorized acquisition of virtual or downloadable products.","recommendation":"Update to version 8.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b030aa28-5310-4f69-8b86-7e0b0bae741b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b030aa28-5310-4f69-8b86-7e0b0bae741b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6745","slug":"woodmart","versionImpact":"8.2.5","versionEndExcluding":"8.2.6","description":"The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to.","recommendation":"Update to version 8.2.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3408895e-3418-4f70-8b7c-76f6ba899d11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3408895e-3418-4f70-8b7c-76f6ba899d11?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6744","slug":"woodmart","versionImpact":"8.2.3","versionEndExcluding":"8.2.4","description":"The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_get_products_shortcode() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 8.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd056d29-3bd9-49e4-bcc4-fa487de8a27e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dd056d29-3bd9-49e4-bcc4-fa487de8a27e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6746","slug":"woodmart","versionImpact":"8.2.3","versionEndExcluding":"8.2.4","description":"The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included.","recommendation":"Update to version 8.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98c1363e-b25d-46fc-b6bf-0285a37f748c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98c1363e-b25d-46fc-b6bf-0285a37f748c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6743","slug":"woodmart","versionImpact":"8.2.3","versionEndExcluding":"8.2.4","description":"The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 8.2.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b881509-572b-4e2d-9e75-defaa2cc32dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b881509-572b-4e2d-9e75-defaa2cc32dc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12333","slug":"woodmart","versionImpact":"8.0.3","versionEndExcluding":"8.0.4","description":"The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 8.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/woodmart-woocommerce-wordpress-theme\\\/20264492\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1caa8baa-0783-4bc9-af03-46a3a2cf3538?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1caa8baa-0783-4bc9-af03-46a3a2cf3538?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5394","slug":"alone","versionImpact":"7.8.3","versionEndExcluding":"7.8.5","description":"The Alone \u2013 Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to upload zip files containing webshells disguised as plugins from remote locations to achieve remote code execution.","recommendation":"Update to version 7.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alone-charity-multipurpose-nonprofit-wordpress-theme\\\/15019939\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alone-charity-multipurpose-nonprofit-wordpress-theme\\\/15019939\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86f91589-b309-49aa-8b04-ca972acaf8fb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/86f91589-b309-49aa-8b04-ca972acaf8fb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5393","slug":"alone","versionImpact":"7.8.2","versionEndExcluding":"7.8.5","description":"The Alone \u2013 Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data() function in all versions up to, and including, 7.8.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"Update to version 7.8.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alone-charity-multipurpose-nonprofit-wordpress-theme\\\/15019939\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/alone-charity-multipurpose-nonprofit-wordpress-theme\\\/15019939\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cb1b526-0df6-42a1-9294-90bc61730209?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cb1b526-0df6-42a1-9294-90bc61730209?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1668","slug":"Avada","versionImpact":"","versionEndExcluding":"7.11.6","description":"The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's \"password\" field).","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd224169-ae51-4af8-b6de-706ed580ff8d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd224169-ae51-4af8-b6de-706ed580ff8d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/gist.github.com\\\/Xib3rR4dAr\\\/91bd37338022b15379f393356d1056a1\",\"name\":\"https:\\\/\\\/gist.github.com\\\/Xib3rR4dAr\\\/91bd37338022b15379f393356d1056a1\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13346","slug":"Avada","versionImpact":"7.11.13","versionEndExcluding":"7.11.14","description":"The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 7.11.14, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"name\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f2f390b-332b-452c-9fe7-ccd1a45390dd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1f2f390b-332b-452c-9fe7-ccd1a45390dd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3807","slug":"porto","versionImpact":"7.1.0","versionEndExcluding":"7.1.1","description":"The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. This was partially patched in version 7.1.0 and fully patched in version 7.1.1.","recommendation":"Update to version 7.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4bc3da9e-4b5f-4200-9df9-0ae953571377?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4bc3da9e-4b5f-4200-9df9-0ae953571377?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3806","slug":"porto","versionImpact":"7.1.0","versionEndExcluding":"7.1.1","description":"The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 7.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/porto-responsive-wordpress-ecommerce-theme\\\/9207399\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98ccc604-79c6-4be9-acb0-23fc82a31dfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/98ccc604-79c6-4be9-acb0-23fc82a31dfa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13695","slug":"enfold","versionImpact":"6.0.9","versionEndExcluding":"7.0","description":"The Enfold theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.9 via the 'attachment_id' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.","recommendation":"Update to version 7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/enfold-responsive-multipurpose-theme\\\/4519990#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/enfold-responsive-multipurpose-theme\\\/4519990#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b55722f9-a0b9-4484-bd3b-c21dbe5716ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b55722f9-a0b9-4484-bd3b-c21dbe5716ee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13693","slug":"enfold","versionImpact":"6.0.9","versionEndExcluding":"7.0","description":"The Enfold theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check in avia-export-class.php in all versions up to, and including, 6.0.9. This makes it possible for unauthenticated attackers to export all avia settings, which may include sensitive information such as the Mailchimp API Key, reCAPTCHA Secret Key, or Envato private token if they are set.","recommendation":"Update to version 7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/enfold-responsive-multipurpose-theme\\\/4519990#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/enfold-responsive-multipurpose-theme\\\/4519990#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61a9ad18-28d4-488c-b3a7-e35745f9c83e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61a9ad18-28d4-488c-b3a7-e35745f9c83e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6990","slug":"weaver-xtreme","versionImpact":"","versionEndExcluding":"6.4.0","description":"The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=212828%40weaver-xtreme&new=212828%40weaver-xtreme&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=212828%40weaver-xtreme&new=212828%40weaver-xtreme&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36711","slug":"Avada","versionImpact":"","versionEndExcluding":"6.2.3","description":"The Avada theme for WordPress is vulnerable to Stored Cross-Site Scripting via the update_layout function in versions up to, and including, 6.2.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers, and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/avada-wordpress-theme-fixed-multiple-vulnerabilities\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/avada-wordpress-theme-fixed-multiple-vulnerabilities\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/684a1e8e-30f2-47dd-9df6-145198030c52?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/684a1e8e-30f2-47dd-9df6-145198030c52?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/theme-fusion.com\\\/security-fix-added-in-6-2-3\\\/\",\"name\":\"https:\\\/\\\/theme-fusion.com\\\/security-fix-added-in-6-2-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-1403","slug":"weaver-xtreme","versionImpact":"","versionEndExcluding":"6.2","description":"The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/weaver-xtreme\\\/5.0.7\\\/includes\\\/lib-content.php#L1081\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/weaver-xtreme\\\/5.0.7\\\/includes\\\/lib-content.php#L1081\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b2bef63-c871-45e4-bb05-12bbba20ca5e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b2bef63-c871-45e4-bb05-12bbba20ca5e?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-50892","slug":"thegem","versionImpact":"","versionEndExcluding":"5.9.2","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n\/a through 5.9.1.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/thegem\\\/wordpress-thegem-theme-5-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/thegem\\\/wordpress-thegem-theme-5-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4322","slug":"motors","versionImpact":"5.6.67","versionEndExcluding":"5.6.68","description":"The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user passwords, including those of administrators, and leverage that to gain access to their account.","recommendation":"Update to version 5.6.68, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/themeforest.net\\\/item\\\/motors-car-dealership-wordpress-theme\\\/13987211\",\"name\":\"http:\\\/\\\/themeforest.net\\\/item\\\/motors-car-dealership-wordpress-theme\\\/13987211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61820ca5-5548-4155-b350-df3db1bc1661?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/61820ca5-5548-4155-b350-df3db1bc1661?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13738","slug":"motors","versionImpact":"5.6.65","versionEndExcluding":"5.6.66","description":"The Motors - Car Dealer, Rental & Listing WordPress theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.6.65. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.\r\n\r\n*It is unclear exactly which version the issue was patched in from the changelog. Therefore, we used the latest version at the time of verification.","recommendation":"Update to version 5.6.66, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/stylemixthemes.com\\\/motors\\\/\",\"name\":\"https:\\\/\\\/stylemixthemes.com\\\/motors\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/motors-automotive-cars-vehicle-boat-dealership-classifieds-wordpress-theme\\\/13987211\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/motors-automotive-cars-vehicle-boat-dealership-classifieds-wordpress-theme\\\/13987211\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4635f5c1-c326-4f53-bc54-a402cf5dae00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4635f5c1-c326-4f53-bc54-a402cf5dae00?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2798","slug":"woffice","versionImpact":"5.4.21","versionEndExcluding":"5.4.22","description":"The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.","recommendation":"Update to version 5.4.22, or a newer patched version","refs":"[{\"url\":\"http:\\\/\\\/localhost\\\/wp-content\\\/themes\\\/woffice\\\/inc\\\/classes\\\/Woffice_Register.php#L405\",\"name\":\"http:\\\/\\\/localhost\\\/wp-content\\\/themes\\\/woffice\\\/inc\\\/classes\\\/Woffice_Register.php#L405\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog#april-1st-2025-version-5422\",\"name\":\"https:\\\/\\\/hub.woffice.io\\\/woffice\\\/changelog#april-1st-2025-version-5422\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dd6169b-bc94-4642-8975-2e96bc01576f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6dd6169b-bc94-4642-8975-2e96bc01576f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12922","slug":"altair","versionImpact":"5.2.4","versionEndExcluding":"5.2.5","description":"The Altair theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check within functions.php in all versions up to, and including, 5.2.4. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 5.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/tour-travel-agency-altair-theme\\\/9318575\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/tour-travel-agency-altair-theme\\\/9318575\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/tour-travel-agency-altair-theme\\\/9318575#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/tour-travel-agency-altair-theme\\\/9318575#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e27971a3-f84c-4f13-81af-127e7560566a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e27971a3-f84c-4f13-81af-127e7560566a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6339","slug":"phlox-pro","versionImpact":"5.16.4","versionEndExcluding":"5.16.5","description":"The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 5.16.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b5ad113-f739-455a-9db6-b4f300b92837?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2b5ad113-f739-455a-9db6-b4f300b92837?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/owasp.org\\\/www-community\\\/attacks\\\/xss\\\/\",\"name\":\"https:\\\/\\\/owasp.org\\\/www-community\\\/attacks\\\/xss\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/skmorshed75\\\/ferdykorp\\\/blob\\\/9176d0782558ac2bd620777174e942cefc27fb21\\\/wp-content\\\/themes\\\/phlox\\\/templates\\\/theme-parts\\\/entry\\\/search-advanced.php#L69\",\"name\":\"https:\\\/\\\/github.com\\\/skmorshed75\\\/ferdykorp\\\/blob\\\/9176d0782558ac2bd620777174e942cefc27fb21\\\/wp-content\\\/themes\\\/phlox\\\/templates\\\/theme-parts\\\/entry\\\/search-advanced.php#L69\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4339","slug":"thegem","versionImpact":"5.10.3","versionEndExcluding":"5.10.3.1","description":"The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options.","recommendation":"Update to version 5.10.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codex-themes.com\\\/thegem\\\/changelog.html\",\"name\":\"https:\\\/\\\/codex-themes.com\\\/thegem\\\/changelog.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/thegem-creative-multipurpose-highperformance-wordpress-theme\\\/16061685\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/thegem-creative-multipurpose-highperformance-wordpress-theme\\\/16061685\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2358979-25b9-4c52-88dc-25390be6bd22?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f2358979-25b9-4c52-88dc-25390be6bd22?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4317","slug":"thegem","versionImpact":"5.10.3","versionEndExcluding":"5.10.3.1","description":"The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 5.10.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/codex-themes.com\\\/thegem\\\/changelog.html\",\"name\":\"https:\\\/\\\/codex-themes.com\\\/thegem\\\/changelog.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/thegem-creative-multipurpose-highperformance-wordpress-theme\\\/16061685\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/thegem-creative-multipurpose-highperformance-wordpress-theme\\\/16061685\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d379bc09-7788-4a29-b23f-7f42afe04fd4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d379bc09-7788-4a29-b23f-7f42afe04fd4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12857","slug":"adforest","versionImpact":"5.1.8","versionEndExcluding":"5.1.9","description":"The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number.","recommendation":"Update to version 5.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ff3b4f1-dd36-43d0-b472-55a940907437?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ff3b4f1-dd36-43d0-b472-55a940907437?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12855","slug":"adforest","versionImpact":"5.1.7","versionEndExcluding":"5.1.8","description":"The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license.","recommendation":"Update to version 5.1.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db7f5553-758b-47ab-8319-a549b73f4cfa?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db7f5553-758b-47ab-8319-a549b73f4cfa?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11350","slug":"adforest","versionImpact":"5.1.6","versionEndExcluding":"5.1.7","description":"The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 5.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ebb766a-44e9-460c-be84-356b7403e593?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4ebb766a-44e9-460c-be84-356b7403e593?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11349","slug":"adforest","versionImpact":"5.1.6","versionEndExcluding":"5.1.7","description":"The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.","recommendation":"Update to version 5.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/adforest-classified-wordpress-theme\\\/19481695\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f374b3d1-820b-473f-8d2b-c3267e6d23d9?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f374b3d1-820b-473f-8d2b-c3267e6d23d9?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10470","slug":"wplms","versionImpact":"4.962","versionEndExcluding":"4.963","description":"The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.","recommendation":"Update to version 4.963, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1932c9b4-2fea-40f8-9748-09ded8143c11?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1932c9b4-2fea-40f8-9748-09ded8143c11?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wplms-learning-management-system\\\/6780226\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wplms-learning-management-system\\\/6780226\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12920","slug":"wp-foodbakery","versionImpact":"4.7","versionEndExcluding":"4.8","description":"The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions in all versions up to, and including, 4.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options.","recommendation":"Update to version 4.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9af8267f-48b1-4537-8985-6af1245ceed5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9af8267f-48b1-4537-8985-6af1245ceed5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4601","slug":"realhomes","versionImpact":"4.4.0","versionEndExcluding":"4.4.1","description":"The \"RH - Real Estate WordPress Theme\" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.","recommendation":"Update to version 4.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/real-homes-wordpress-real-estate-theme\\\/5373914\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/real-homes-wordpress-real-estate-theme\\\/5373914\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a816e5a8-2494-4bcf-869d-5214b21f7791?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a816e5a8-2494-4bcf-869d-5214b21f7791?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36755","slug":"customizr","versionImpact":"4.3.0","versionEndExcluding":"4.3.1","description":"The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.3.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/customizr\\\/4.3.1\\\/core\\\/czr-admin-ccat.php?rev=135570#L1764\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/customizr\\\/4.3.1\\\/core\\\/czr-admin-ccat.php?rev=135570#L1764\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9f6b600-a35a-49c2-8758-a7cc5c00e947?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d9f6b600-a35a-49c2-8758-a7cc5c00e947?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2101","slug":"edumall","versionImpact":"4.2.4","versionEndExcluding":"4.3.0","description":"The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumall_lazy_load_template' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included.","recommendation":"Update to version 4.3.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/changelog.thememove.com\\\/edumall\\\/\",\"name\":\"https:\\\/\\\/changelog.thememove.com\\\/edumall\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a4a0c26-6b7b-4dcf-a266-a6548431e6a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a4a0c26-6b7b-4dcf-a266-a6548431e6a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5533","slug":"Divi","versionImpact":"4.25.1","versionEndExcluding":"4.25.2","description":"The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.25.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6571a899-f217-434f-bbed-b1faf77a8d8b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6571a899-f217-434f-bbed-b1faf77a8d8b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.elegantthemes.com\\\/api\\\/changelog\\\/divi.txt\",\"name\":\"https:\\\/\\\/www.elegantthemes.com\\\/api\\\/changelog\\\/divi.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-6744","slug":"Divi","versionImpact":"","versionEndExcluding":"4.23.2","description":"The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/999475c5-5f17-47fa-a0d0-47cb5a8a0eb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/999475c5-5f17-47fa-a0d0-47cb5a8a0eb4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.elegantthemes.com\\\/api\\\/changelog\\\/divi.txt\",\"name\":\"https:\\\/\\\/www.elegantthemes.com\\\/api\\\/changelog\\\/divi.txt\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6991","slug":"kallyas","versionImpact":"4.21.0","versionEndExcluding":"4.22.0","description":"The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'TH_LatestPosts4' widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.","recommendation":"Update to version 4.22.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/kallyas-responsive-multipurpose-wordpress-theme\\\/4091658\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/kallyas-responsive-multipurpose-wordpress-theme\\\/4091658\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de1bcbea-5539-456f-94dc-c70fb7acc455?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/de1bcbea-5539-456f-94dc-c70fb7acc455?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6989","slug":"kallyas","versionImpact":"4.21.0","versionEndExcluding":"4.22.0","description":"The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary folders on the server.","recommendation":"Update to version 4.22.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/kallyas-responsive-multipurpose-wordpress-theme\\\/4091658\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/kallyas-responsive-multipurpose-wordpress-theme\\\/4091658\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a8a3607-4f2e-44fb-8141-75f7620508d4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9a8a3607-4f2e-44fb-8141-75f7620508d4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13698","slug":"jobify","versionImpact":"4.2.7","versionEndExcluding":"4.2.8","description":"The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key.","recommendation":"Update to version 4.2.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobify-wordpress-job-board-theme\\\/5247604\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jobify-wordpress-job-board-theme\\\/5247604\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/393811e4-71dd-4359-80fa-5a3d146439bb?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/393811e4-71dd-4359-80fa-5a3d146439bb?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0837","slug":"puzzles","versionImpact":"4.2.6","versionEndExcluding":"4.2.7","description":"The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/puzzles-wordpress-magazinereview-with-wooc\\\/5690583\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/puzzles-wordpress-magazinereview-with-wooc\\\/5690583\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/669e3015-b64c-440d-bc06-db4828c07196?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/669e3015-b64c-440d-bc06-db4828c07196?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13770","slug":"puzzles","versionImpact":"4.2.4","versionEndExcluding":"4.2.5","description":"The Puzzles | WP Magazine \/ Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. The developer opted to remove the software from the repository, so an update is not available and it is recommended to find a replacement software.","recommendation":"Update to version 4.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/puzzles-wordpress-magazinereview-with-wooc\\\/5690583\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/puzzles-wordpress-magazinereview-with-wooc\\\/5690583\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/950d1c8f-6715-4b0d-bf3d-af978a146838?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/950d1c8f-6715-4b0d-bf3d-af978a146838?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13769","slug":"puzzles","versionImpact":"4.2.4","versionEndExcluding":"4.2.5","description":"The Puzzles | WP Magazine \/ Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up to, and including, 4.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and inject malicious web scripts. The developer opted to remove the software from the repository, so an update is not available and it is recommended to find a replacement software.","recommendation":"Update to version 4.2.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/puzzles-wordpress-magazinereview-with-wooc\\\/5690583\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/puzzles-wordpress-magazinereview-with-wooc\\\/5690583\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c22d064-348d-4335-beaf-22dcdcf88518?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3c22d064-348d-4335-beaf-22dcdcf88518?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13824","slug":"ciyashop","versionImpact":"4.19.0","versionEndExcluding":"4.19.1","description":"The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 4.19.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/ciyashop-responsive-multipurpose-woocommerce-wordpress-theme\\\/22055376#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/ciyashop-responsive-multipurpose-woocommerce-wordpress-theme\\\/22055376#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b69c86f4-d81d-4e14-baff-3402008bb9c6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b69c86f4-d81d-4e14-baff-3402008bb9c6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8595","slug":"zakra","versionImpact":"4.1.5","versionEndExcluding":"4.1.6","description":"The Zakra theme for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo settings.","recommendation":"Update to version 4.1.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2025-8595\\\/\",\"name\":\"https:\\\/\\\/research.cleantalk.org\\\/cve-2025-8595\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=281307%40zakra%2F4.1.6&old=276128%40zakra%2F4.1.5\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=281307%40zakra%2F4.1.6&old=276128%40zakra%2F4.1.5\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4da012dc-7e58-479a-813e-762eb28297bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4da012dc-7e58-479a-813e-762eb28297bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8891","slug":"oceanwp","versionImpact":"4.1.1","versionEndExcluding":"4.1.2","description":"The OceanWP theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.0.9 to 4.1.1. This is due to missing or incorrect nonce validation on the oceanwp_notice_button_click() function. This makes it possible for unauthenticated attackers to install the Ocean Extra plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 4.1.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/283264\\\/oceanwp\\\/4.1.2\\\/inc\\\/activation-notice\\\/api.php\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/283264\\\/oceanwp\\\/4.1.2\\\/inc\\\/activation-notice\\\/api.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c6f9a3d-54a6-4405-b42b-37fc8342af96?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9c6f9a3d-54a6-4405-b42b-37fc8342af96?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5524","slug":"oceanwp","versionImpact":"4.0.9","versionEndExcluding":"4.1.0","description":"The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 4.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/oceanwp\\\/4.0.9\\\/assets\\\/js\\\/select.min.js\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/oceanwp\\\/4.0.9\\\/assets\\\/js\\\/select.min.js\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/276114\\\/\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/276114\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37b085f9-3b15-44aa-9ba0-de5321dfbce4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/37b085f9-3b15-44aa-9ba0-de5321dfbce4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2526","slug":"streamit","versionImpact":"4.0.2","versionEndExcluding":"4.0.3","description":"The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"Update to version 4.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/documentation.iqonic.design\\\/streamit\\\/change-log\\\/streamit-v4-0\\\/\",\"name\":\"https:\\\/\\\/documentation.iqonic.design\\\/streamit\\\/change-log\\\/streamit-v4-0\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/streamit-video-streaming-wordpress-theme\\\/29772881\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/streamit-video-streaming-wordpress-theme\\\/29772881\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/057abffb-1c52-49ca-8791-ca44f0c5a011?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/057abffb-1c52-49ca-8791-ca44f0c5a011?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12781","slug":"aurum","versionImpact":"4.0.2","versionEndExcluding":"4.0.3","description":"The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content.","recommendation":"Update to version 4.0.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/documentation.laborator.co\\\/kb\\\/aurum\\\/aurum-release-notes\\\/\",\"name\":\"https:\\\/\\\/documentation.laborator.co\\\/kb\\\/aurum\\\/aurum-release-notes\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd132aa5-d30a-41de-aa8d-aefae6c95c47?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cd132aa5-d30a-41de-aa8d-aefae6c95c47?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2525","slug":"streamit","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/documentation.iqonic.design\\\/streamit\\\/change-log\\\/streamit-v4-0\\\/\",\"name\":\"https:\\\/\\\/documentation.iqonic.design\\\/streamit\\\/change-log\\\/streamit-v4-0\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/streamit-video-streaming-wordpress-theme\\\/29772881\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/streamit-video-streaming-wordpress-theme\\\/29772881\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a58119-d0ed-47fe-93d1-1aa1def2cf44?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/83a58119-d0ed-47fe-93d1-1aa1def2cf44?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2519","slug":"streamit","versionImpact":"4.0.1","versionEndExcluding":"4.0.2","description":"The Sreamit theme for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 4.0.1. This is due to insufficient file validation in the 'st_send_download_file' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files.","recommendation":"Update to version 4.0.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/documentation.iqonic.design\\\/streamit\\\/change-log\\\/streamit-v4-0\\\/\",\"name\":\"https:\\\/\\\/documentation.iqonic.design\\\/streamit\\\/change-log\\\/streamit-v4-0\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/streamit-video-streaming-wordpress-theme\\\/29772881\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/streamit-video-streaming-wordpress-theme\\\/29772881\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd28c405-ed2f-435a-806c-1fc43cac0f80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fd28c405-ed2f-435a-806c-1fc43cac0f80?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8198","slug":"minimog","versionImpact":"3.9.0","versionEndExcluding":"3.9.1","description":"The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to price manipulation in all versions up to, and including, 3.9.0. This is due to an insufficient check on quantity values when changing quantities in the cart. This makes it possible for unauthenticated attackers to add items to the cart and adjust the quantity to a fractional amount, causing the price to change based on the fractional amount. The vulnerability cannot be exploited if WooCommerce version 9.8.2+ is installed.","recommendation":"Update to version 3.9.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/changelog.thememove.com\\\/minimog-wp\\\/\",\"name\":\"https:\\\/\\\/changelog.thememove.com\\\/minimog-wp\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfea0427-78dc-4151-864a-63b6761fc294?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cfea0427-78dc-4151-864a-63b6761fc294?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36704","slug":"fruitful","versionImpact":"","versionEndExcluding":"3.8.2","description":"The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49cf047f-4e8c-4f37-b8c0-d931c02fda7c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/49cf047f-4e8c-4f37-b8c0-d931c02fda7c?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13790","slug":"minimog","versionImpact":"3.7.0","versionEndExcluding":"3.8.0","description":"The MinimogWP \u2013 The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 3.8.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/changelog.thememove.com\\\/minimog-wp\\\/\",\"name\":\"https:\\\/\\\/changelog.thememove.com\\\/minimog-wp\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/minimog-the-high-converting-ecommerce-wordpress-theme\\\/36947163\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/minimog-the-high-converting-ecommerce-wordpress-theme\\\/36947163\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3ae0e08-5cdc-47ff-b094-3920d56a50f7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3ae0e08-5cdc-47ff-b094-3920d56a50f7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13656","slug":"click-mag","versionImpact":"3.6.0","versionEndExcluding":"3.7.0","description":"The Click Mag - Viral WordPress News Magazine\/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.","recommendation":"Update to version 3.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/click-mag-viral-wordpress-news-magazineblog-theme\\\/18081003\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/click-mag-viral-wordpress-news-magazineblog-theme\\\/18081003\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee5df5fe-4213-4d36-aa8f-7eb2710c32b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ee5df5fe-4213-4d36-aa8f-7eb2710c32b6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36753","slug":"hueman","versionImpact":"3.6.3","versionEndExcluding":"3.6.4","description":"The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 3.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/hueman\\\/3.6.4\\\/option-tree\\\/includes\\\/class-ot-meta-box.php#L207\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/hueman\\\/3.6.4\\\/option-tree\\\/includes\\\/class-ot-meta-box.php#L207\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/25-wordpress-plugins-vulnerable-to-csrf-attacks\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d54b4dc9-8590-433c-873a-efb49e2e79cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d54b4dc9-8590-433c-873a-efb49e2e79cd?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5\\\/\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13786","slug":"education","versionImpact":"3.6.10","versionEndExcluding":"3.6.11","description":"The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"Update to version 3.6.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/education-center-training-courses-wordpress-theme\\\/10652918#item-description__change-log\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/education-center-training-courses-wordpress-theme\\\/10652918#item-description__change-log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0b27bc8-617a-4f98-954f-e49f87dca311?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0b27bc8-617a-4f98-954f-e49f87dca311?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6758","slug":"real-spaces","versionImpact":"3.6","versionEndExcluding":"3.6.1","description":"The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during user registration.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/real-spaces-wordpress-real-estate-theme\\\/8219779\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/real-spaces-wordpress-real-estate-theme\\\/8219779\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2b24858-dfcd-46f3-9552-c7acc63a1ee7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e2b24858-dfcd-46f3-9552-c7acc63a1ee7?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1285","slug":"resido","versionImpact":"3.6","versionEndExcluding":"3.6.1","description":"The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to internal services and update API key details.","recommendation":"Update to version 3.6.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/resido-real-estate-wordpress-theme\\\/31804443\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/resido-real-estate-wordpress-theme\\\/31804443\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3512ce8f-b7a6-4a6f-a141-bca08c183882?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3512ce8f-b7a6-4a6f-a141-bca08c183882?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13655","slug":"flex-mag","versionImpact":"3.5.2","versionEndExcluding":"3.6.0","description":"The Flex Mag - Responsive WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.","recommendation":"Update to version 3.6.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/flex-mag-responsive-wordpress-news-theme\\\/12772303\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/flex-mag-responsive-wordpress-news-theme\\\/12772303\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23f53ff1-f0bc-4ad3-9b9e-cf365f064066?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23f53ff1-f0bc-4ad3-9b9e-cf365f064066?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-8218","slug":"real-spaces","versionImpact":"3.5","versionEndExcluding":"3.6","description":"The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5. This is due to a lack of restriction in the profile update role. This makes it possible for unauthenticated attackers to arbitrarily choose their role, including the Administrator role, during a profile update.","recommendation":"Update to version 3.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/real-spaces-wordpress-real-estate-theme\\\/8219779\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/real-spaces-wordpress-real-estate-theme\\\/8219779\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d07880b-9af1-4b1e-aa70-b95ef10a6e33?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2d07880b-9af1-4b1e-aa70-b95ef10a6e33?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2891","slug":"realestate-7","versionImpact":"3.5.4","versionEndExcluding":"3.5.5","description":"The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.","recommendation":"Update to version 3.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/contempothemes.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/contempothemes.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13421","slug":"realestate-7","versionImpact":"3.5.1","versionEndExcluding":"3.5.2","description":"The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.","recommendation":"Update to version 3.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/contempothemes.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/contempothemes.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme\\\/12473778\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme\\\/12473778\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12827","slug":"dwt-listing","versionImpact":"3.3.6","versionEndExcluding":"3.3.7","description":"The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 3.3.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/dwt-listing-directory-listing-wordpress-theme\\\/21976132\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/dwt-listing-directory-listing-wordpress-theme\\\/21976132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51fc7d47-2a0f-4713-9859-120321aa32dc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51fc7d47-2a0f-4713-9859-120321aa32dc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0169","slug":"dwt-listing","versionImpact":"3.3.4","versionEndExcluding":"3.3.5","description":"The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.3.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/dwt-listing-directory-listing-wordpress-theme\\\/21976132\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/dwt-listing-directory-listing-wordpress-theme\\\/21976132\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be0c29a3-0b78-4259-a514-c3674d9d5d55?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/be0c29a3-0b78-4259-a514-c3674d9d5d55?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0170","slug":"dwt-listing","versionImpact":"3.3.3","versionEndExcluding":"3.3.4","description":"The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.3.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/scriptsbundle.gitbook.io\\\/dwt-directory-and-listing-wordpress-theme\",\"name\":\"https:\\\/\\\/scriptsbundle.gitbook.io\\\/dwt-directory-and-listing-wordpress-theme\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d607e7c0-7812-4c77-a763-6095677b3525?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d607e7c0-7812-4c77-a763-6095677b3525?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12811","slug":"traveler","versionImpact":"3.1.9","versionEndExcluding":"3.2.0","description":"The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 3.2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"name\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a09298b3-3b5c-4a92-9332-79ff83234479?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a09298b3-3b5c-4a92-9332-79ff83234479?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5156","slug":"flatsome","versionImpact":"3.18.7","versionEndExcluding":"3.19.0","description":"The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.19.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf6c13de-e666-4c80-aa4c-6f610d899d03?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cf6c13de-e666-4c80-aa4c-6f610d899d03?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/flatsome-multipurpose-responsive-woocommerce-theme\\\/5484319#item-description__change-log\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/flatsome-multipurpose-responsive-woocommerce-theme\\\/5484319#item-description__change-log\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5346","slug":"flatsome","versionImpact":"3.18.7","versionEndExcluding":"3.19.0","description":"The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 3.19.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11d4c028-94c1-4b78-92f8-0f3303725651?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/11d4c028-94c1-4b78-92f8-0f3303725651?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/flatsome-multipurpose-responsive-woocommerce-theme\\\/5484319#item-description__change-log\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/flatsome-multipurpose-responsive-woocommerce-theme\\\/5484319#item-description__change-log\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11936","slug":"zox-news","versionImpact":"3.16.0","versionEndExcluding":"3.17.0","description":"The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 3.17.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zox-news-professional-wordpress-news-magazine-theme\\\/20381541\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zox-news-professional-wordpress-news-magazine-theme\\\/20381541\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f061e7f-6a87-4d4a-9b4e-8234883f2ebc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3f061e7f-6a87-4d4a-9b4e-8234883f2ebc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1778","slug":"art-theme","versionImpact":"3.12.2.3","versionEndExcluding":"3.12.3","description":"The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option.","recommendation":"Update to version 3.12.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/art-simple-clean-wordpress-theme-for-creatives\\\/20170299\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/art-simple-clean-wordpress-theme-for-creatives\\\/20170299\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c54c1fab-634d-4d1a-8234-8f1ae41c7cd4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c54c1fab-634d-4d1a-8234-8f1ae41c7cd4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1773","slug":"traveler","versionImpact":"3.1.8","versionEndExcluding":"3.1.9","description":"The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 3.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"name\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46c9dae7-d811-4b59-94c1-71a83652a14d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/46c9dae7-d811-4b59-94c1-71a83652a14d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1771","slug":"traveler","versionImpact":"3.1.8","versionEndExcluding":"3.1.9","description":"The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.","recommendation":"Update to version 3.1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"name\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da3e3d6c-7643-4f22-aa88-2c4ce80aed1f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/da3e3d6c-7643-4f22-aa88-2c4ce80aed1f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11926","slug":"traveler","versionImpact":"3.1.6","versionEndExcluding":"3.1.7","description":"The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information.","recommendation":"Update to version 3.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"name\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21c7537-8437-43aa-ab52-9e14d27a6e7f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d21c7537-8437-43aa-ab52-9e14d27a6e7f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11912","slug":"traveler","versionImpact":"3.1.6","versionEndExcluding":"3.1.7","description":"The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the \u2018order_id\u2019 parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 3.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"name\":\"https:\\\/\\\/travelerwp.com\\\/traveler-changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/febd1ff3-3a1a-49c2-b210-9e72051e3172?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/febd1ff3-3a1a-49c2-b210-9e72051e3172?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49187","slug":"adifier","versionImpact":"","versionEndExcluding":"3.1.4","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.This issue affects Adifier - Classified Ads WordPress Theme: from n\/a before 3.1.4.\n\n","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/adifier\\\/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/adifier\\\/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49752","slug":"adifier-system","versionImpact":"","versionEndExcluding":"3.1.4","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n\/a before 3.1.4.\n\n","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/adifier\\\/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/adifier\\\/wordpress-adifier-classified-ads-wordpress-theme-theme-3-9-3-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0679","slug":"colormag","versionImpact":"","versionEndExcluding":"3.1.3","description":"The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e982d457-29db-468f-88c3-5afe04002dcf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e982d457-29db-468f-88c3-5afe04002dcf?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/colormag\\\/3.1.2\\\/functions.php#L237\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/colormag\\\/3.1.2\\\/functions.php#L237\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7399","slug":"betheme","versionImpact":"28.1.3","versionEndExcluding":"28.1.4","description":"The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via an Elementor display setting in all versions up to, and including, 28.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 28.1.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb8756b-7c0f-4bc9-9e24-07598efa9eee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb8756b-7c0f-4bc9-9e24-07598efa9eee?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-3077","slug":"betheme","versionImpact":"28.0.3","versionEndExcluding":"28.0.4","description":"The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button shortcode and Custom CSS field in all versions up to, and including, 28.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 28.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.muffingroup.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/support.muffingroup.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a0a281d-840f-488f-b9ef-c0df8514b47c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7a0a281d-840f-488f-b9ef-c0df8514b47c?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0450","slug":"betheme","versionImpact":"27.6.1","versionEndExcluding":"27.6.2","description":"The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 27.6.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.muffingroup.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/support.muffingroup.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/340c14ea-70b9-4f60-84b3-97328432f110?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/340c14ea-70b9-4f60-84b3-97328432f110?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5567","slug":"betheme","versionImpact":"27.5.5","versionEndExcluding":"27.5.6","description":"The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.","recommendation":"Update to version 27.5.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dfaa23f-05df-423c-a5f6-02f2b714b5b6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5dfaa23f-05df-423c-a5f6-02f2b714b5b6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/support.muffingroup.com\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/support.muffingroup.com\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048#item-description__changelog\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13691","slug":"uncode","versionImpact":"2.9.1.6","versionEndExcluding":"2.9.1.7","description":"The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_recordMedia' function in all versions up to, and including, 2.9.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary files on the server.","recommendation":"Update to version 2.9.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"name\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d592141d-191b-4739-bc0a-07549ef2f31b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d592141d-191b-4739-bc0a-07549ef2f31b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13681","slug":"uncode","versionImpact":"2.9.1.6","versionEndExcluding":"2.9.1.7","description":"The Uncode theme for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'uncode_admin_get_oembed' function in all versions up to, and including, 2.9.1.6. This makes it possible for unauthenticated attackers to read arbitrary files on the server.","recommendation":"Update to version 2.9.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"name\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7914ebe6-b5e1-4a1a-8794-80f515e6c9f6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7914ebe6-b5e1-4a1a-8794-80f515e6c9f6?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13667","slug":"uncode","versionImpact":"2.9.1.6","versionEndExcluding":"2.9.1.7","description":"The Uncode theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018mle-description\u2019 parameter in all versions up to, and including, 2.9.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.9.1.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"name\":\"https:\\\/\\\/support.undsgn.com\\\/hc\\\/en-us\\\/articles\\\/213454129-Change-Log\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ee188cc-2c3f-45e7-b7ce-928242035e37?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7ee188cc-2c3f-45e7-b7ce-928242035e37?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-29432","slug":"houzez","versionImpact":"","versionEndExcluding":"2.8.3","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n\/a before 2.8.3.\n\n","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/houzez\\\/wordpress-houzez-theme-2-8-3-unauth-sql-injection-sqli-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/houzez\\\/wordpress-houzez-theme-2-8-3-unauth-sql-injection-sqli-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2020-36719","slug":"listingpro","versionImpact":"","versionEndExcluding":"2.6.1","description":"The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary Plugin Installation, Activation and Deactivation in versions before 2.6.1. This is due to a missing capability check on the lp_cc_addons_actions function. This makes it possible for unauthenticated attackers to arbitrarily install, activate and deactivate any plugin.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-listingpro-theme-fixed-a-critical-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-listingpro-theme-fixed-a-critical-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listingpro-multipurpose-directory-theme\\\/19386460\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listingpro-multipurpose-directory-theme\\\/19386460\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1327","slug":"homey","versionImpact":"2.4.4","versionEndExcluding":"2.4.5","description":"The Homey theme for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.4 via the 'homey_delete_user_account' action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete other user's accounts.","recommendation":"Update to version 2.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38aa649c-e9d3-458b-b567-e2e751aaca00?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/38aa649c-e9d3-458b-b567-e2e751aaca00?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1326","slug":"homey","versionImpact":"2.4.4","versionEndExcluding":"2.4.5","description":"The Homey theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the homey_reservation_del() function in all versions up to, and including, 2.4.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary reservations and posts.","recommendation":"Update to version 2.4.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0ef3ae7-b3c0-4f54-a95d-9f8cf9497d8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c0ef3ae7-b3c0-4f54-a95d-9f8cf9497d8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12860","slug":"carspot","versionImpact":"2.4.3","versionEndExcluding":"2.4.4","description":"The CarSpot \u2013 Dealership Wordpress Classified Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.4.3. This is due to the plugin not properly validating a token prior to updating a user's password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 2.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/carspot-automotive-car-dealer-wordpress-classified-theme\\\/20195539\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/carspot-automotive-car-dealer-wordpress-classified-theme\\\/20195539\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1043dce-628f-485b-bc1c-b78938c2a6f5?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d1043dce-628f-485b-bc1c-b78938c2a6f5?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0749","slug":"homey","versionImpact":"2.4.3","versionEndExcluding":"2.4.4","description":"The Homey theme for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.3. This is due to the 'verification_id' value being set to empty, and the not empty check is missing in the dashboard user profile page. This makes it possible for unauthenticated attackers to log in to the first verified user.","recommendation":"Update to version 2.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/4407721124884-Changelog\",\"name\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/4407721124884-Changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05f87510-28c3-4ad1-b2be-2408a199cf68?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/05f87510-28c3-4ad1-b2be-2408a199cf68?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0748","slug":"homey","versionImpact":"2.4.3","versionEndExcluding":"2.4.4","description":"The Homey theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.3. This is due to missing or incorrect nonce validation on the 'homey_verify_user_manually' function. This makes it possible for unauthenticated attackers to update verify an user via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 2.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/4407721124884-Changelog\",\"name\":\"https:\\\/\\\/favethemes.zendesk.com\\\/hc\\\/en-us\\\/articles\\\/4407721124884-Changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a35a66c6-2a86-4f6e-b28e-d79e13489a49?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a35a66c6-2a86-4f6e-b28e-d79e13489a49?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13423","slug":"sparkling","versionImpact":"2.4.9","versionEndExcluding":"2.4.10","description":"The Sparkling theme for WordPress is vulnerable to unauthorized plugin activation\/deactivation due to a missing capability check on the 'sparkling_activate_plugin' and 'sparkling_deactivate_plugin' functions in versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to activate\/deactivate arbitrary plugins.","recommendation":"Update to version 2.4.10, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/sparkling\\\/2.4.9\\\/inc\\\/welcome-screen\\\/class-sparkling-welcome.php#L69\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/sparkling\\\/2.4.9\\\/inc\\\/welcome-screen\\\/class-sparkling-welcome.php#L69\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/sparkling\\\/2.4.9\\\/inc\\\/welcome-screen\\\/class-sparkling-welcome.php#L82\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/sparkling\\\/2.4.9\\\/inc\\\/welcome-screen\\\/class-sparkling-welcome.php#L82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fa8dba0-0227-428d-a6de-c4247c40e481?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1fa8dba0-0227-428d-a6de-c4247c40e481?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13867","slug":"listivo","versionImpact":"2.3.67","versionEndExcluding":"2.3.68","description":"The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.3.68, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listivo-classified-ads-wordpress-theme\\\/34032749\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listivo-classified-ads-wordpress-theme\\\/34032749\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/705c2322-bb52-4337-b0dd-6bf04bd1b0e0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/705c2322-bb52-4337-b0dd-6bf04bd1b0e0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9777","slug":"ashe","versionImpact":"2.243","versionEndExcluding":"2.244","description":"The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.244, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce6c2f36-9eed-482f-9201-8d26e8c5c369?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ce6c2f36-9eed-482f-9201-8d26e8c5c369?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/ashe\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/ashe\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/ashe\\\/2.242\\\/functions.php#L101\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/ashe\\\/2.242\\\/functions.php#L101\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/ashe\\\/2.242\\\/functions.php#L112\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/ashe\\\/2.242\\\/functions.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/248853\\\/\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/248853\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9830","slug":"bard","versionImpact":"2.216","versionEndExcluding":"2.217","description":"The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.217, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9aff1e5b-2f16-43d0-b75a-c07e59a9c15f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9aff1e5b-2f16-43d0-b75a-c07e59a9c15f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/bard\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/bard\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/bard\\\/2.216\\\/functions.php#L98\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/bard\\\/2.216\\\/functions.php#L98\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/bard\\\/2.216\\\/functions.php#L109\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/bard\\\/2.216\\\/functions.php#L109\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/248854\\\/\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/248854\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4524","slug":"madara","versionImpact":"2.2.2","versionEndExcluding":"2.2.2.1","description":"The Madara \u2013 Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"Update to version 2.2.2.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/mangabooth.com\\\/product\\\/wp-manga-theme-madara\\\/\",\"name\":\"https:\\\/\\\/mangabooth.com\\\/product\\\/wp-manga-theme-madara\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3ee01da-218a-421d-8f9c-1dc6c056ef74?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a3ee01da-218a-421d-8f9c-1dc6c056ef74?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49750","slug":"couponis-demo","versionImpact":"","versionEndExcluding":"2.2","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme. This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n\/a before 2.2.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/couponis\\\/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/couponis\\\/wordpress-couponis-affiliate-submitting-coupons-wordpress-theme-theme-3-1-7-sql-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13654","slug":"zoxpress","versionImpact":"2.12.0","versionEndExcluding":"2.12.1","description":"The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.","recommendation":"Update to version 2.12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zoxpress-allinone-wordpress-news-theme\\\/25586170\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zoxpress-allinone-wordpress-news-theme\\\/25586170\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f616be03-229b-4c50-b837-508da4d2b090?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f616be03-229b-4c50-b837-508da4d2b090?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13653","slug":"zoxpress","versionImpact":"2.12.0","versionEndExcluding":"2.12.1","description":"The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 2.12.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zoxpress-allinone-wordpress-news-theme\\\/25586170\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zoxpress-allinone-wordpress-news-theme\\\/25586170\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4599c7f-5e5d-4571-97d9-54d6fd0c9c63?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4599c7f-5e5d-4571-97d9-54d6fd0c9c63?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2235","slug":"himer","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/62c8a564-225e-4202-9bb0-03029fa4fd42\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/62c8a564-225e-4202-9bb0-03029fa4fd42\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-2234","slug":"himer","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/37018a3f-895f-48f7-b033-c051e2462830\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/37018a3f-895f-48f7-b033-c051e2462830\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-2233","slug":"himer","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/51d0311a-673b-4538-9427-a48e8c89e38b\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/51d0311a-673b-4538-9427-a48e8c89e38b\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2024-2040","slug":"himer","versionImpact":"2.1.0","versionEndExcluding":"2.1.1","description":"The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack","recommendation":"Update to version 2.1.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b97bbf0-c7d1-4e6c-bb80-f9bf45fbfe1e\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/1b97bbf0-c7d1-4e6c-bb80-f9bf45fbfe1e\\\/\",\"refsource\":\"\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]"}
{"CVE_ID":"CVE-2025-0952","slug":"eco-nature","versionImpact":"2.0.4","versionEndExcluding":"2.1.0","description":"The Eco Nature - Environment & Ecology WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' AJAX action in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.","recommendation":"Update to version 2.1.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/eco-nature-environment-ecology-wordpress-theme\\\/8497776\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/eco-nature-environment-ecology-wordpress-theme\\\/8497776\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba708a4f-d987-4d63-a218-2ed1c6daa010?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba708a4f-d987-4d63-a218-2ed1c6daa010?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-0316","slug":"westand","versionImpact":"","versionEndExcluding":"2.1","description":"The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill does not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/9ab3d6cf-aad7-41bc-9aae-dc5313f12f7c\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-11420","slug":"blocksy","versionImpact":"2.0.77","versionEndExcluding":"2.0.78","description":"The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.78, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/249744\\\/blocksy\\\/2.0.78\\\/inc\\\/components\\\/contacts-box.php\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/249744\\\/blocksy\\\/2.0.78\\\/inc\\\/components\\\/contacts-box.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02ad47d5-f011-4e0a-af29-088852d1e886?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/02ad47d5-f011-4e0a-af29-088852d1e886?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7435","slug":"attire","versionImpact":"2.0.6","versionEndExcluding":"2.0.7","description":"The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"Update to version 2.0.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f21cbe18-77e1-4a9a-96a0-74edaef0db3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f21cbe18-77e1-4a9a-96a0-74edaef0db3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=240321%40attire%2F2.0.7&old=231937%40attire%2F2.0.6\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=240321%40attire%2F2.0.7&old=231937%40attire%2F2.0.6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5439","slug":"blocksy","versionImpact":"2.0.50","versionEndExcluding":"2.0.51","description":"The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 2.0.51, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c05687f4-5ea2-4226-982f-c3499f204685?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c05687f4-5ea2-4226-982f-c3499f204685?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=229705%40blocksy%2F2.0.51&old=228990%40blocksy%2F2.0.50\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=229705%40blocksy%2F2.0.51&old=228990%40blocksy%2F2.0.50\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-0515","slug":"buzzclub","versionImpact":"2.0.4","versionEndExcluding":"2.0.5","description":"The Buzz Club \u2013 Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration.","recommendation":"Update to version 2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/buzz-club-night-club-dj-music-festival-event-wordpress-theme\\\/17973992\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/buzz-club-night-club-dj-music-festival-event-wordpress-theme\\\/17973992\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44ad056b-8995-4068-8b05-4fefb8d2ff0a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/44ad056b-8995-4068-8b05-4fefb8d2ff0a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-39310","slug":"basil","versionImpact":"2.0.4","versionEndExcluding":"2.0.5","description":"The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the `post_title` parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. Because of the default WordPress validation, it is not possible to insert the payload directly, but if the Cooked plugin is installed, it is possible to create a recipe post type (cp_recipe) and inject the payload in the title field. Version 2.0.5 contains a patch for the issue.","recommendation":"Update to version 2.0.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Basil\\\/security\\\/advisories\\\/GHSA-cr7v-8v2h-49vx\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Basil\\\/security\\\/advisories\\\/GHSA-cr7v-8v2h-49vx\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Basil\\\/commit\\\/e2b1dbf1637d1ec2663f9aa1a563b02dc76a8146\",\"name\":\"https:\\\/\\\/github.com\\\/XjSv\\\/Basil\\\/commit\\\/e2b1dbf1637d1ec2663f9aa1a563b02dc76a8146\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4943","slug":"blocksy","versionImpact":"2.0.46","versionEndExcluding":"2.0.47","description":"The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018has_field_link_rel\u2019 parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.47, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc7099d7-94fd-42be-a921-bfcad43ae252?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dc7099d7-94fd-42be-a921-bfcad43ae252?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=227333%40blocksy%2F2.0.47&old=227242%40blocksy%2F2.0.46\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=227333%40blocksy%2F2.0.47&old=227242%40blocksy%2F2.0.46\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4158","slug":"blocksy","versionImpact":"2.0.42","versionEndExcluding":"2.0.43","description":"The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tagName\u2019 parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.43, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22d1ccf3-ac1a-4dfc-81c3-b8eb88795bc1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22d1ccf3-ac1a-4dfc-81c3-b8eb88795bc1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/226440\\\/blocksy\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/226440\\\/blocksy\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6639","slug":"MDx","versionImpact":"2.0.3","versionEndExcluding":"2.0.4","description":"The MDx theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdx_list_item' shortcode in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23ae17a6-a745-42c4-8627-ad1c41b66e0e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/23ae17a6-a745-42c4-8627-ad1c41b66e0e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/yrccondor\\\/mdx\",\"name\":\"https:\\\/\\\/github.com\\\/yrccondor\\\/mdx\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/yrccondor\\\/mdx\\\/commit\\\/0906438824b8fab72715e7d5aec348aef0792721\",\"name\":\"https:\\\/\\\/github.com\\\/yrccondor\\\/mdx\\\/commit\\\/0906438824b8fab72715e7d5aec348aef0792721\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1767","slug":"blocksy","versionImpact":"2.0.26","versionEndExcluding":"2.0.27","description":"The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 2.0.27, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdeab668-9094-485f-aa01-13ba5c10ea89?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/fdeab668-9094-485f-aa01-13ba5c10ea89?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=219324%40blocksy&new=219324%40blocksy&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=219324%40blocksy&new=219324%40blocksy&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13529","slug":"socialv","versionImpact":"2.0.15","versionEndExcluding":"2.0.16","description":"The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system.","recommendation":"Update to version 2.0.16, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/assets.iqonic.design\\\/documentation\\\/wordpress\\\/socialv-doc\\\/index.html#changelog\",\"name\":\"https:\\\/\\\/assets.iqonic.design\\\/documentation\\\/wordpress\\\/socialv-doc\\\/index.html#changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/socialv-community-buddypress-theme\\\/38612588\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/socialv-community-buddypress-theme\\\/38612588\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc0b766a-b7fd-4950-9868-de3308123229?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cc0b766a-b7fd-4950-9868-de3308123229?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-6495","slug":"bricks","versionImpact":"1.12.4","versionEndExcluding":"2.0","description":"The Bricks theme for WordPress is vulnerable to blind SQL Injection via the \u2018p\u2019 parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","recommendation":"Update to version 2.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-2-0\\\/#full-changelog\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-2-0\\\/#full-changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ac49a00-dabc-4cd9-9032-c038ede3fd8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ac49a00-dabc-4cd9-9032-c038ede3fd8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-27013","slug":"medicenter","versionImpact":"14.6","versionEndExcluding":"14.7","description":"Missing Authorization vulnerability in EPC MediCenter - Health Medical Clinic WordPress Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MediCenter - Health Medical Clinic WordPress Theme: from n\/a through n\/a.","recommendation":"Update to version 14.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/medicenter\\\/vulnerability\\\/wordpress-medicenter-theme-14-7-sensitive-data-exposure-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/medicenter\\\/vulnerability\\\/wordpress-medicenter-theme-14-7-sensitive-data-exposure-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-7726","slug":"dt-the7","versionImpact":"12.6.0","versionEndExcluding":"12.7.0","description":"The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and output escaping. The theme\u2019s JavaScript reads user-supplied 'title' and 'data-dt-img-description' attributes directly via jQuery.attr(), concatenates them into an HTML string, and inserts that string into the DOM using methods such as jQuery.html() without escaping or filtering. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 12.7.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/the7.io\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/the7.io\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/the7-responsive-multipurpose-wordpress-theme\\\/5556590\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/the7-responsive-multipurpose-wordpress-theme\\\/5556590\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/the7-responsive-multipurpose-wordpress-theme\\\/5556590#item-description__recent-updates\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/the7-responsive-multipurpose-wordpress-theme\\\/5556590#item-description__recent-updates\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5da295f3-ac54-4330-ac39-65225adeb93a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5da295f3-ac54-4330-ac39-65225adeb93a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3815","slug":"Newspaper","versionImpact":"12.6.5","versionEndExcluding":"12.6.6","description":"The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 12.6.6, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f0a332f-b761-44b3-86e8-82411455ba3e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f0a332f-b761-44b3-86e8-82411455ba3e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/newspaper\\\/5489609\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-8682","slug":"jnews","versionImpact":"11.6.6","versionEndExcluding":"11.6.7","description":"The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validating whether the 'users can register' option is enabled prior to creating a user through the register_handler() function. This makes it possible for unauthenticated attackers to register as a user even when user registration is disabled.","recommendation":"Update to version 11.6.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jnews-one-stop-solution-for-web-publishing\\\/20566392\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/jnews-one-stop-solution-for-web-publishing\\\/20566392\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b0d7ee7-a358-4487-a0cc-31ed810ae8bc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4b0d7ee7-a358-4487-a0cc-31ed810ae8bc?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5451","slug":"dt-the7","versionImpact":"11.13.0","versionEndExcluding":"11.14.0","description":"The The7 \u2014 Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 11.14.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4555cd1-5ae5-42b3-938f-ffce5ba4fe56?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c4555cd1-5ae5-42b3-938f-ffce5ba4fe56?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/the7-responsive-multipurpose-wordpress-theme\\\/5556590\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/the7-responsive-multipurpose-wordpress-theme\\\/5556590\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/the7.io\\\/changelog\\\/\",\"name\":\"https:\\\/\\\/the7.io\\\/changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2297","slug":"bricks","versionImpact":"1.9.6.1","versionEndExcluding":"1.9.7","description":"The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) \"Code Execution\" to be enabled for administrator-level users within the theme's settings.","recommendation":"Update to version 1.9.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-1-9-7\\\/\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-1-9-7\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb075e85-75fc-4008-8270-4d1064ace29e?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4946","slug":"vikinger","versionImpact":"1.9.32","versionEndExcluding":"1.9.33","description":"The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Note: Requires Vikinger Media plugin to be installed and active.","recommendation":"Update to version 1.9.33, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vikinger-buddypress-and-gamipress-social-community\\\/28612259\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vikinger-buddypress-and-gamipress-social-community\\\/28612259\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22d8f1db-1b7e-4b68-a381-01f51dd34b2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/22d8f1db-1b7e-4b68-a381-01f51dd34b2b?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2238","slug":"vikinger","versionImpact":"1.9.30","versionEndExcluding":"1.9.31","description":"The Vikinger theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the 'vikinger_user_meta_update_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator-level.","recommendation":"Update to version 1.9.31, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vikinger-buddypress-and-gamipress-social-community\\\/28612259\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/vikinger-buddypress-and-gamipress-social-community\\\/28612259\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e0cba5b-5833-4c02-ac17-830994b0f207?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/9e0cba5b-5833-4c02-ac17-830994b0f207?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10623","slug":"forumengine","versionImpact":"1.8","versionEndExcluding":"1.9","description":"The ForumEngine theme for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.enginethemes.com\\\/\",\"name\":\"https:\\\/\\\/www.enginethemes.com\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8bfdf39-2387-4a6f-ab85-6756a1e67305?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a8bfdf39-2387-4a6f-ab85-6756a1e67305?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10139","slug":"wplms","versionImpact":"1.8.4.1","versionEndExcluding":"1.9","description":"The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account.","recommendation":"Update to version 1.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/130291\\\/\",\"name\":\"https:\\\/\\\/packetstormsecurity.com\\\/files\\\/130291\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wplms-learning-management-system\\\/6780226\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wplms-learning-management-system\\\/6780226\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/twitter.com\\\/_wpscan_\\\/status\\\/564874637679820800?lang=ca\",\"name\":\"https:\\\/\\\/twitter.com\\\/_wpscan_\\\/status\\\/564874637679820800?lang=ca\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7785\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7785\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.rapid7.com\\\/db\\\/modules\\\/auxiliary\\\/admin\\\/http\\\/wp_wplms_privilege_escalation\\\/\",\"name\":\"https:\\\/\\\/www.rapid7.com\\\/db\\\/modules\\\/auxiliary\\\/admin\\\/http\\\/wp_wplms_privilege_escalation\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e0e8f5f-8216-4276-a810-860f9b52c447?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6e0e8f5f-8216-4276-a810-860f9b52c447?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1307","slug":"newscrunch","versionImpact":"1.8.4","versionEndExcluding":"1.8.4.1","description":"The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.8.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newscrunch\\\/1.8.3\\\/functions.php#L486\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newscrunch\\\/1.8.3\\\/functions.php#L486\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=261789%40newscrunch&new=261789%40newscrunch&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=261789%40newscrunch&new=261789%40newscrunch&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b55567e9-24e6-4738-b7f7-b95b541e6067?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b55567e9-24e6-4738-b7f7-b95b541e6067?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1306","slug":"newscrunch","versionImpact":"1.8.4","versionEndExcluding":"1.8.4.1","description":"The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.8.4.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newscrunch\\\/1.8.3\\\/functions.php#L486\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newscrunch\\\/1.8.3\\\/functions.php#L486\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=261789%40newscrunch&new=261789%40newscrunch&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=261789%40newscrunch&new=261789%40newscrunch&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c507681-61e9-4bf0-8fe5-e2f401a7a8be?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1c507681-61e9-4bf0-8fe5-e2f401a7a8be?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3409","slug":"bricks","versionImpact":"1.8.1","versionEndExcluding":"1.8.2","description":"The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16800ece-da9c-431b-a015-42bd30b646e2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/16800ece-da9c-431b-a015-42bd30b646e2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3408","slug":"bricks","versionImpact":"1.8.1","versionEndExcluding":"1.8.2","description":"The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.8.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d58fd503-84d0-4d62-9290-870b1dd32be7?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d58fd503-84d0-4d62-9290-870b1dd32be7?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13793","slug":"wolmart","versionImpact":"1.8.11","versionEndExcluding":"1.8.12","description":"The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.8.12, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wolmart-multivendor-marketplace-woocommerce-theme\\\/32947681#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/wolmart-multivendor-marketplace-woocommerce-theme\\\/32947681#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb57c97-f560-42d1-87bd-b19c60700956?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6eb57c97-f560-42d1-87bd-b19c60700956?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13376","slug":"industrial","versionImpact":"1.7.8","versionEndExcluding":"1.7.9","description":"The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.7.9, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/industrial-manufacturing-wordpress-theme\\\/15776179\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/industrial-manufacturing-wordpress-theme\\\/15776179\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e25ca990-eee1-4f72-b543-7a65bc4855a8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e25ca990-eee1-4f72-b543-7a65bc4855a8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13412","slug":"cozystay","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The CozyStay theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to execute arbitrary actions.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/cozystay-hotel-booking-wordpress-theme\\\/47383367#item-description__changelog\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/cozystay-hotel-booking-wordpress-theme\\\/47383367#item-description__changelog\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/67965a51-39d3-4d14-adf5-d91d4c775baf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4797","slug":"golo","versionImpact":"1.7.0","versionEndExcluding":"1.7.1","description":"The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.7.0. This is due to the plugin not properly validating a user's identity prior to setting an authorization cookie. This makes it possible for unauthenticated attackers to log in as any user, including administrators, provided they know the user's email address.","recommendation":"Update to version 1.7.1, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/golo-directory-listing-travel-wordpress-theme\\\/25397810\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/golo-directory-listing-travel-wordpress-theme\\\/25397810\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7b56ec1-8735-4404-8069-219f5d8866d0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e7b56ec1-8735-4404-8069-219f5d8866d0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25142","slug":"mesmerize","versionImpact":"","versionEndExcluding":"1.6.90","description":"The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4d70f03-69d5-4cca-8300-985f68d19ddc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4d70f03-69d5-4cca-8300-985f68d19ddc\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/materialis\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/materialis\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/mesmerize\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/mesmerize\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1687","slug":"cardealer","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'update_user_profile' function. This makes it possible for unauthenticated attackers to update the user email and password via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/webtemplatemasters.com\\\/cardealer\\\/changelog\\\/#v165\",\"name\":\"https:\\\/\\\/webtemplatemasters.com\\\/cardealer\\\/changelog\\\/#v165\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6305b7be-8651-4028-a8cf-ea58b4977225?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6305b7be-8651-4028-a8cf-ea58b4977225?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1682","slug":"cardealer","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user role.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/webtemplatemasters.com\\\/cardealer\\\/changelog\\\/#v165\",\"name\":\"https:\\\/\\\/webtemplatemasters.com\\\/cardealer\\\/changelog\\\/#v165\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e337281-f05e-486c-9491-161365af252a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/4e337281-f05e-486c-9491-161365af252a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1681","slug":"cardealer","versionImpact":"1.6.4","versionEndExcluding":"1.6.5","description":"The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary css and js files.","recommendation":"Update to version 1.6.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/webtemplatemasters.com\\\/cardealer\\\/changelog\\\/#v165\",\"name\":\"https:\\\/\\\/webtemplatemasters.com\\\/cardealer\\\/changelog\\\/#v165\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e394ee2-13c1-4b04-a8a5-4642f1794d59?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3e394ee2-13c1-4b04-a8a5-4642f1794d59?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1282","slug":"cardealer","versionImpact":"1.6.3","versionEndExcluding":"1.6.4","description":"The Car Dealer Automotive WordPress Theme \u2013 Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The add_car() function may also make it possible to read arbitrary files.","recommendation":"Update to version 1.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708?s_rank=7\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/car-dealer-automotive-wordpress-theme-responsive\\\/8574708?s_rank=7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/edf4b588-8b67-425a-b0e1-d4382cb88dd1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/edf4b588-8b67-425a-b0e1-d4382cb88dd1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1313","slug":"nokri","versionImpact":"1.6.3","versionEndExcluding":"1.6.4","description":"The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.","recommendation":"Update to version 1.6.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/nokri-job-board-wordpress-theme\\\/22677241\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/nokri-job-board-wordpress-theme\\\/22677241\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/507c2abd-47d3-4a28-a9b7-a1ad9b026e7d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/507c2abd-47d3-4a28-a9b7-a1ad9b026e7d?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12824","slug":"nokri","versionImpact":"1.6.2","versionEndExcluding":"1.6.3","description":"The Nokri \u2013 Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 1.6.3, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/nokri-job-board-wordpress-theme\\\/22677241\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/nokri-job-board-wordpress-theme\\\/22677241\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60a7cce0-637f-49bd-aa4a-fd7023d99a64?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/60a7cce0-637f-49bd-aa4a-fd7023d99a64?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12876","slug":"golo","versionImpact":"1.6.10","versionEndExcluding":"1.6.11","description":"The Golo - City Travel Guide WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.10. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"Update to version 1.6.11, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/golo-directory-listing-travel-wordpress-theme\\\/25397810\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/golo-directory-listing-travel-wordpress-theme\\\/25397810\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6cb81e5-61a4-4b67-a668-d8a7d46b2cea?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e6cb81e5-61a4-4b67-a668-d8a7d46b2cea?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-6987","slug":"orchid-store","versionImpact":"1.5.6","versionEndExcluding":"1.5.7","description":"The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchid_store_activate_plugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Addonify Floating Cart For WooCommerce plugin if it is installed.","recommendation":"Update to version 1.5.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5402f206-0375-4c47-8a5c-e8ea5742493d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5402f206-0375-4c47-8a5c-e8ea5742493d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/orchid-store\\\/1.5.6\\\/functions.php#L300\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/orchid-store\\\/1.5.6\\\/functions.php#L300\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/237704\\\/\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/237704\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10673","slug":"top-store","versionImpact":"1.5.4","versionEndExcluding":"1.5.5","description":"The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution.","recommendation":"Update to version 1.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80510ade-cb58-45b3-89f2-2cbbc5640cae?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/80510ade-cb58-45b3-89f2-2cbbc5640cae?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=247826%40top-store&new=247826%40top-store&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=247826%40top-store&new=247826%40top-store&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10674","slug":"th-shop-mania","versionImpact":"1.4.9","versionEndExcluding":"1.5.0","description":"The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation.","recommendation":"Update to version 1.5.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7832d37-19a9-491b-879e-4a22f2ba46ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b7832d37-19a9-491b-879e-4a22f2ba46ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.svn.wordpress.org\\\/th-shop-mania\\\/1.4.9\\\/lib\\\/notification\\\/notify.php\",\"name\":\"https:\\\/\\\/themes.svn.wordpress.org\\\/th-shop-mania\\\/1.4.9\\\/lib\\\/notification\\\/notify.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/th-shop-mania\\\/1.4.9\\\/lib\\\/notification\\\/notify.php\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/th-shop-mania\\\/1.4.9\\\/lib\\\/notification\\\/notify.php\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=247810%40th-shop-mania&new=247810%40th-shop-mania&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=247810%40th-shop-mania&new=247810%40th-shop-mania&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-10143","slug":"platform","versionImpact":"","versionEndExcluding":"1.4.4","description":"The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the *_ajax_save_options() function in all versions up to 1.4.4 (exclusive). This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.","recommendation":"Update to version 1.4.4, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/blog.sucuri.net\\\/2015\\\/01\\\/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html\",\"name\":\"https:\\\/\\\/blog.sucuri.net\\\/2015\\\/01\\\/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_platform_exec.rb\",\"name\":\"https:\\\/\\\/raw.githubusercontent.com\\\/rapid7\\\/metasploit-framework\\\/master\\\/modules\\\/exploits\\\/unix\\\/webapp\\\/wp_platform_exec.rb\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c16fab08-6b2c-433a-9105-fc15f5c52575?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c16fab08-6b2c-433a-9105-fc15f5c52575?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1093","slug":"aihub","versionImpact":"1.3.7","versionEndExcluding":"1.3.8","description":"The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 1.3.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/ai-hub-startup-technology-wordpress-theme\\\/47473638\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/ai-hub-startup-technology-wordpress-theme\\\/47473638\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09adfe7e-f154-4143-827f-957ded3ffc8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/09adfe7e-f154-4143-827f-957ded3ffc8f?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1943","slug":"yuki","versionImpact":"","versionEndExcluding":"1.3.15","description":"The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the themes settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfb760fb-f281-4649-9bd3-92f8e281f07e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dfb760fb-f281-4649-9bd3-92f8e281f07e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/218603\\\/yuki\\\/1.3.15\\\/inc\\\/extensions\\\/class-reset-extension.php\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/218603\\\/yuki\\\/1.3.15\\\/inc\\\/extensions\\\/class-reset-extension.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10250","slug":"nioland","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018s\u2019 parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e13c6d97-873a-4067-846d-92e54514645d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e13c6d97-873a-4067-846d-92e54514645d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/nioland-saas-software-startup-tech-wordpress-theme\\\/47895474#item-description__change-log\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/nioland-saas-software-startup-tech-wordpress-theme\\\/47895474#item-description__change-log\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5587","slug":"appzend","versionImpact":"1.2.6","versionEndExcluding":"1.2.7","description":"The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018progressbarLayout\u2019 parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.2.7, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/appzend\\\/1.2.6\\\/blocks-extends\\\/blocks\\\/progressbar.php#L44\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/appzend\\\/1.2.6\\\/blocks-extends\\\/blocks\\\/progressbar.php#L44\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/281244\\\/\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/281244\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/appzend\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/appzend\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51214cd0-23a6-48ba-a3d8-4d9a0a9e52df?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/51214cd0-23a6-48ba-a3d8-4d9a0a9e52df?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13797","slug":"pressmart","versionImpact":"1.2.16","versionEndExcluding":"1.2.17","description":"The PressMart - Modern Elementor WooCommerce WordPress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.16. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"Update to version 1.2.17, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/pressmart-modern-elementor-woocommerce-wordpress-theme\\\/39241221\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/pressmart-modern-elementor-woocommerce-wordpress-theme\\\/39241221\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24aa6c0b-88bc-4c3e-ada7-2e89d84bdfc3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/24aa6c0b-88bc-4c3e-ada7-2e89d84bdfc3?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3410","slug":"bricks","versionImpact":"1.10.1","versionEndExcluding":"1.10.2","description":"The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder (admin-only by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This becomes more of an issue when Bricks Builder access is granted to lower-privileged users.","recommendation":"Update to version 1.10.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba5e93a2-8f42-4747-86fa-297ba709be8f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ba5e93a2-8f42-4747-86fa-297ba709be8f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-1-10-2\\\/\",\"name\":\"https:\\\/\\\/bricksbuilder.io\\\/release\\\/bricks-1-10-2\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3204","slug":"materialis","versionImpact":"1.1.24","versionEndExcluding":"1.1.30","description":"The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value.","recommendation":"Update to version 1.1.30, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2e05094-8344-4388-a703-518daf3d2948?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a2e05094-8344-4388-a703-518daf3d2948?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/materialis\\\/1.1.20\\\/inc\\\/companion.php#L45\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/materialis\\\/1.1.20\\\/inc\\\/companion.php#L45\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=231816%40materialis&new=231816%40materialis&sfp_email=&sfph_mail=#file6\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=231816%40materialis&new=231816%40materialis&sfp_email=&sfph_mail=#file6\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10836","slug":"flixita","versionImpact":"1.0.82","versionEndExcluding":"1.0.83","description":"The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018id\u2019 parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.83, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/flixita\\\/1.0.76\\\/core\\\/customizer\\\/customizer-notice\\\/flixita-customizer-notify.php#L147\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/flixita\\\/1.0.76\\\/core\\\/customizer\\\/customizer-notice\\\/flixita-customizer-notify.php#L147\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/flixita\\\/1.0.76\\\/core\\\/customizer\\\/customizer-notice\\\/flixita-customizer-notify.php#L188\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/flixita\\\/1.0.76\\\/core\\\/customizer\\\/customizer-notice\\\/flixita-customizer-notify.php#L188\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=250697%40flixita%2F1.0.83&old=250119%40flixita%2F1.0.82\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=250697%40flixita%2F1.0.83&old=250119%40flixita%2F1.0.82\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/flixita\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/flixita\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/131b5d57-2af1-4cc5-8b4e-019a050c3bb8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/131b5d57-2af1-4cc5-8b4e-019a050c3bb8?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-4017","slug":"goya","versionImpact":"1.0.8.7","versionEndExcluding":"1.0.8.8","description":"The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018attra-color\u2019, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 1.0.8.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cce2a10-3d5f-4249-9085-923a1fa76385?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2cce2a10-3d5f-4249-9085-923a1fa76385?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/goya-modern-woocommerce-theme\\\/25175097\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/goya-modern-woocommerce-theme\\\/25175097\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/goya.everthemes.com\\\/help-center\\\/changelog\\\/#1-0-8-8-august-7-2023\",\"name\":\"https:\\\/\\\/goya.everthemes.com\\\/help-center\\\/changelog\\\/#1-0-8-8-august-7-2023\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10578","slug":"pubnews","versionImpact":"1.0.7","versionEndExcluding":"1.0.8","description":"The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities.","recommendation":"Update to version 1.0.8, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/pubnews\\\/1.0.7\\\/inc\\\/admin\\\/admin.php#L1017\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/pubnews\\\/1.0.7\\\/inc\\\/admin\\\/admin.php#L1017\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/250743\\\/pubnews\\\/1.0.8?contextall=1&old=245552&old_path=%2Fpubnews%2F1.0.7\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/250743\\\/pubnews\\\/1.0.8?contextall=1&old=245552&old_path=%2Fpubnews%2F1.0.7\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eaa0117-5320-431f-b3d2-05a867901528?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7eaa0117-5320-431f-b3d2-05a867901528?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10849","slug":"newsmash","versionImpact":"1.0.71","versionEndExcluding":"1.0.72","description":"The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.72, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=250662%40newsmash&new=250662%40newsmash&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=250662%40newsmash&new=250662%40newsmash&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bb30dac-e0f3-43dd-a20d-9af6c7af3cb4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3bb30dac-e0f3-43dd-a20d-9af6c7af3cb4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10848","slug":"newsmunch","versionImpact":"1.0.35","versionEndExcluding":"1.0.36","description":"The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"Update to version 1.0.36, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=250663%40newsmunch&new=250663%40newsmunch&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=250663%40newsmunch&new=250663%40newsmunch&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a2b0ff4-9471-4fd0-ac1a-ed5b7b4af4ff?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a2b0ff4-9471-4fd0-ac1a-ed5b7b4af4ff?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2019-25142","slug":"materialis","versionImpact":"","versionEndExcluding":"1.0.173","description":"The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 (Mesmerize) and 1.0.172 (Materialis). This is due to the 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function. This makes it possible for authenticated attackers to change otherwise restricted options.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability\\\/\",\"name\":\"https:\\\/\\\/blog.nintechnet.com\\\/wordpress-mesmerize-and-materialis-themes-fixed-an-authenticated-options-change-vulnerability\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4d70f03-69d5-4cca-8300-985f68d19ddc\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e4d70f03-69d5-4cca-8300-985f68d19ddc\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121291%40mesmerize&new=121291%40mesmerize&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=121290%40materialis&new=121290%40materialis&sfp_email=&sfph_mail=\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/materialis\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/materialis\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/mesmerize\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/mesmerize\\\/\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-0835","slug":"royal-elementor-kit","versionImpact":"1.0.116","versionEndExcluding":"1.0.117","description":"The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note that these transients can only be updated to true and not to arbitrary values.","recommendation":"Update to version 1.0.117, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/royal-elementor-kit\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/royal-elementor-kit\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1360","slug":"colibri-wp","versionImpact":"1.0.94","versionEndExcluding":"1.0.101","description":"The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/218308\\\/colibri-wp\\\/1.0.101\\\/inc\\\/src\\\/PluginsManager.php\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/218308\\\/colibri-wp\\\/1.0.101\\\/inc\\\/src\\\/PluginsManager.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13686","slug":"vw-storefront","versionImpact":"0.9.9","versionEndExcluding":"1.0.0","description":"The VW Storefront theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vw_storefront_reset_all_settings() function in all versions up to, and including, 0.9.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the theme's settings.","recommendation":"Update to version 1.0.0, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=261535%40vw-storefront&new=261535%40vw-storefront&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=261535%40vw-storefront&new=261535%40vw-storefront&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/299ed515-ba64-413a-a03a-2db801520ae0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/299ed515-ba64-413a-a03a-2db801520ae0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5638","slug":"formula","versionImpact":"0.5.1","versionEndExcluding":"0.5.2","description":"The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018id\u2019 parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 0.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193eeb92-f0af-4c6a-ac44-3166023a3006?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/193eeb92-f0af-4c6a-ac44-3166023a3006?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/formula\\\/0.5.1\\\/inc\\\/customizer\\\/customizer-notice\\\/formula-customizer-notify.php?rev=229770#L184\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/formula\\\/0.5.1\\\/inc\\\/customizer\\\/customizer-notice\\\/formula-customizer-notify.php?rev=229770#L184\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/230569\\\/\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/230569\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5613","slug":"formula","versionImpact":"0.5.1","versionEndExcluding":"0.5.2","description":"The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018id\u2019 parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"Update to version 0.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf391432-d569-4458-947f-fe4a2ebcf8f1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf391432-d569-4458-947f-fe4a2ebcf8f1?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/formula\\\/0.5.1\\\/inc\\\/customizer\\\/customizer-notice\\\/formula-customizer-notify.php?rev=229770#L143\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/formula\\\/0.5.1\\\/inc\\\/customizer\\\/customizer-notice\\\/formula-customizer-notify.php?rev=229770#L143\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/230569\\\/\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/230569\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1305","slug":"newsblogger","versionImpact":"0.2.5.4","versionEndExcluding":"0.2.5.5","description":"The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"Update to version 0.2.5.5, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L440\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L440\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=269615%40newsblogger&new=269615%40newsblogger&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=269615%40newsblogger&new=269615%40newsblogger&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b2cac27-4a36-490f-b2d8-3c6f32843a38?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7b2cac27-4a36-490f-b2d8-3c6f32843a38?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-1304","slug":"newsblogger","versionImpact":"0.2.5.1","versionEndExcluding":"0.2.5.2","description":"The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"Update to version 0.2.5.2, or a newer patched version","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2.5.5\\\/functions.php?annotate=blame&rev=269615#file2\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2.5.5\\\/functions.php?annotate=blame&rev=269615#file2\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L440\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L440\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L461\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L461\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L470\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/newsblogger\\\/0.2\\\/functions.php#L470\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85cea6b5-d57b-495e-a504-a0c1ba691637?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/85cea6b5-d57b-495e-a504-a0c1ba691637?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28955","slug":"fwdevp","versionImpact":"10.0","versionEndExcluding":"","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce allows Path Traversal. This issue affects Easy Video Player Wordpress & WooCommerce: from n\/a through 10.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/fwdevp\\\/vulnerability\\\/wordpress-easy-video-player-wordpress-woocommerce-10-0-arbitrary-file-download-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/fwdevp\\\/vulnerability\\\/wordpress-easy-video-player-wordpress-woocommerce-10-0-arbitrary-file-download-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5061","slug":"enfold","versionImpact":"6.0.3","versionEndExcluding":"","description":"The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018wrapper_class\u2019 and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25462492-59d2-44b7-81c3-93ac04a08bcc?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/25462492-59d2-44b7-81c3-93ac04a08bcc?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/enfold-responsive-multipurpose-theme\\\/4519990\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/enfold-responsive-multipurpose-theme\\\/4519990\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3965","slug":"nsc","versionImpact":"1.0","versionEndExcluding":"","description":"The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5909513d-8877-40ff-bee9-d565141b7ed2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5909513d-8877-40ff-bee9-d565141b7ed2?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/BlackFan\\\/client-side-prototype-pollution\",\"name\":\"https:\\\/\\\/github.com\\\/BlackFan\\\/client-side-prototype-pollution\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3962","slug":"winters","versionImpact":"1.4.3","versionEndExcluding":"","description":"The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=cve\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/github.com\\\/BlackFan\\\/client-side-prototype-pollution\",\"name\":\"https:\\\/\\\/github.com\\\/BlackFan\\\/client-side-prototype-pollution\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3933","slug":"yourjourney","versionImpact":"1.9.8","versionEndExcluding":"","description":"The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/github.com\\\/BlackFan\\\/client-side-prototype-pollution\",\"name\":\"https:\\\/\\\/github.com\\\/BlackFan\\\/client-side-prototype-pollution\",\"refsource\":\"MISC\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c738e051-ad1c-4115-94d3-127dd5dff935?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c738e051-ad1c-4115-94d3-127dd5dff935?source=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10763","slug":"campress","versionImpact":"1.35","versionEndExcluding":"","description":"The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/campress-responsive-education-courses-and-events-wordpress-theme\\\/19355619\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/campress-responsive-education-courses-and-events-wordpress-theme\\\/19355619\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d818b467-a893-4f4f-b623-abff99ef37b4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d818b467-a893-4f4f-b623-abff99ef37b4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24926","slug":"brooklyn","versionImpact":"4.9.7.6","versionEndExcluding":"","description":"Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n\/a through 4.9.7.6.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/brooklyn\\\/wordpress-brooklyn-theme-4-9-7-6-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/brooklyn\\\/wordpress-brooklyn-theme-4-9-7-6-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-24927","slug":"brooklyn","versionImpact":"4.9.7.6","versionEndExcluding":"","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n\/a through 4.9.7.6.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/brooklyn\\\/wordpress-brooklyn-theme-4-9-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/brooklyn\\\/wordpress-brooklyn-theme-4-9-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2107","slug":"blossom-spa","versionImpact":"1.3.4","versionEndExcluding":"","description":"The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e54dbf9-a5d1-413d-96ac-93dd499c21a4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5e54dbf9-a5d1-413d-96ac-93dd499c21a4?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=220138%40blossom-spa&new=220138%40blossom-spa&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=220138%40blossom-spa&new=220138%40blossom-spa&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-4034","slug":"virtue","versionImpact":"3.4.8","versionEndExcluding":"","description":"The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8272233-afb3-46f1-ab85-189a3923e29d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d8272233-afb3-46f1-ab85-189a3923e29d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/virtue\\\/3.4.8\\\/templates\\\/home\\\/blog-home.php#L87\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/virtue\\\/3.4.8\\\/templates\\\/home\\\/blog-home.php#L87\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=225592%40virtue&new=225592%40virtue&sfp_email=&sfph_mail=#file18\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=225592%40virtue&new=225592%40virtue&sfp_email=&sfph_mail=#file18\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3998","slug":"betheme","versionImpact":"27.5.6","versionEndExcluding":"","description":"The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b655b04-1f2f-4745-8237-7ef3f8e31ace?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5b655b04-1f2f-4745-8237-7ef3f8e31ace?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2694","slug":"betheme","versionImpact":"27.5.6","versionEndExcluding":"","description":"The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7c31409-c84a-4197-b08c-b70df5e66a80?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a7c31409-c84a-4197-b08c-b70df5e66a80?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/betheme-responsive-multipurpose-wordpress-theme\\\/7758048\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52480","slug":"jobify","versionImpact":"4.2.3","versionEndExcluding":"","description":"Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme. This issue affects Jobify - Job Board WordPress Theme: from n\/a through 4.2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-plugin-4-2-3-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-plugin-4-2-3-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13773","slug":"civi","versionImpact":"2.1.4","versionEndExcluding":"","description":"The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-init.php#L36\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-init.php#L36\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3499182-7501-4fec-a7c6-b66ae47533cd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3499182-7501-4fec-a7c6-b66ae47533cd?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13772","slug":"civi","versionImpact":"2.1.4","versionEndExcluding":"","description":"The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-On via Google or Facebook. This makes it possible for unauthenticated attackers to change the password of arbitrary Candidate-level users if the attacker knows the username assigned to the victim during account creation.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-ajax.php#L567\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-ajax.php#L567\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-ajax.php#L739\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-ajax.php#L739\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf04f458-7900-4dd3-84fb-169b74db97ab?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/bf04f458-7900-4dd3-84fb-169b74db97ab?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13771","slug":"civi","versionImpact":"2.1.4","versionEndExcluding":"","description":"The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes it possible for unauthenticated attackers to change the password of arbitrary users, including administrators, if the attacker knows the username of the victim.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-ajax.php#L715\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/civi\\\/includes\\\/class-ajax.php#L715\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/5ab2c74d-b83b-40ea-951c-83aeb76a7515?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-3747","slug":"blocksy","versionImpact":"2.0.39","versionEndExcluding":"","description":"The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3f71928-3f1d-4c15-8655-41cdfb707370?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e3f71928-3f1d-4c15-8655-41cdfb707370?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=224954%40blocksy%2F2.0.40&old=224210%40blocksy%2F2.0.39\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=224954%40blocksy%2F2.0.40&old=224210%40blocksy%2F2.0.39\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4200","slug":"bw-zagg","versionImpact":"1.4.1","versionEndExcluding":"","description":"The Zagg - Electronics & Accessories WooCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.1 via the load_view() function that is called via at least three AJAX actions: 'load_more_post', 'load_shop', and 'load_more_product'. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zagg-electronics-accessories-woocommerce-wordpress-theme\\\/54636595\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zagg-electronics-accessories-woocommerce-wordpress-theme\\\/54636595\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/327deb08-715f-4d54-b95b-18552c07cbc0?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/327deb08-715f-4d54-b95b-18552c07cbc0?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2289","slug":"zegen","versionImpact":"1.1.9","versionEndExcluding":"","description":"The Zegen - Church WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX endpoints in all versions up to, and including, 1.1.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import, export, and update theme options.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zegen-church-wordpress-theme\\\/25116823\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zegen-church-wordpress-theme\\\/25116823\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a04db024-5198-490f-bf5f-d5bad1b21ce4?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a04db024-5198-490f-bf5f-d5bad1b21ce4?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-3771","slug":"t1","versionImpact":"19.0","versionEndExcluding":"","description":"The T1 WordPress theme through 19.0 is vulnerable to an unauthenticated open redirect, with which any attacker can redirect users to arbitrary websites.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c6fc499-de09-4874-ab96-bdc24d550cfb\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/7c6fc499-de09-4874-ab96-bdc24d550cfb\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-49827","slug":"soledad","versionImpact":"8.4.1","versionEndExcluding":"","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Soledad \u2013 Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n\/a through 8.4.1.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/soledad\\\/wordpress-soledad-theme-8-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/soledad\\\/wordpress-soledad-theme-8-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-9775","slug":"anih","versionImpact":"2024","versionEndExcluding":"","description":"The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist and insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b2b6a6b-73c2-441e-893d-ec171a659546?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8b2b6a6b-73c2-441e-893d-ec171a659546?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/anih-creative-agency-wordpress-theme\\\/36381357\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/anih-creative-agency-wordpress-theme\\\/36381357\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13933","slug":"wp-foodbakery","versionImpact":"4.7","versionEndExcluding":"","description":"The FoodBakery | Delivery Restaurant Directory WordPress Theme theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the foodbakery_var_backup_file_delete, foodbakery_widget_file_delete, theme_option_save, export_widget_settings, ajax_import_widget_data, foodbakery_var_settings_backup_generate, foodbakery_var_backup_file_restore, and theme_option_rest_all functions. This makes it possible for unauthenticated attackers to delete arbitrary files, update theme options, export widget options, import widget options, generate backups, restore backups, and reset theme options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/food-bakery-restaurant-bakery-responsive-wordpress-theme\\\/18970331\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45eda79d-f999-413e-88ce-b7d06f09f191?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/45eda79d-f999-413e-88ce-b7d06f09f191?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39352","slug":"grandrestaurant","versionImpact":"7.0","versionEndExcluding":"","description":"Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant WordPress: from n\/a through 7.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-arbitrary-options-deletion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-arbitrary-options-deletion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39348","slug":"grandrestaurant","versionImpact":"7.0","versionEndExcluding":"","description":"Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant WordPress allows Object Injection. This issue affects Grand Restaurant WordPress: from n\/a through 7.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32926","slug":"grandrestaurant","versionImpact":"7.0","versionEndExcluding":"","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant WordPress allows Path Traversal. This issue affects Grand Restaurant WordPress: from n\/a through 7.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-path-traversal-to-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-path-traversal-to-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-47576","slug":"bimber","versionImpact":"9.2.5","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bringthepixel Bimber - Viral Magazine WordPress Theme. This issue affects Bimber - Viral Magazine WordPress Theme: from n\/a through 9.2.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/bimber\\\/vulnerability\\\/wordpress-bimber-viral-magazine-wordpress-theme-theme-9-2-5-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/bimber\\\/vulnerability\\\/wordpress-bimber-viral-magazine-wordpress-theme-theme-9-2-5-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39353","slug":"grandrestaurant","versionImpact":"7.0","versionEndExcluding":"","description":"Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant WordPress: from n\/a through 7.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-broken-access-control-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-broken-access-control-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39351","slug":"grandrestaurant","versionImpact":"7.0","versionEndExcluding":"","description":"Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant WordPress allows Cross Site Request Forgery. This issue affects Grand Restaurant WordPress: from n\/a through 7.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandrestaurant\\\/vulnerability\\\/wordpress-grand-restaurant-wordpress-theme-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7561","slug":"the-next","versionImpact":"1.1.0","versionEndExcluding":"","description":"The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a76dcb33-4c6b-44dc-9b27-6daf4f0a1376?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a76dcb33-4c6b-44dc-9b27-6daf4f0a1376?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/the-next\\\/1.1.0\\\/libs\\\/util-functions.php#L365\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/the-next\\\/1.1.0\\\/libs\\\/util-functions.php#L365\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7560","slug":"news-flash","versionImpact":"1.1.0","versionEndExcluding":"","description":"The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5631826-6975-41e9-a896-f2aa0581334f?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d5631826-6975-41e9-a896-f2aa0581334f?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/news-flash\\\/1.1.0\\\/page.php#L8\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/news-flash\\\/1.1.0\\\/page.php#L8\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5966","slug":"grey-opaque","versionImpact":"2.0.1","versionEndExcluding":"","description":"The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f4888e1-98b3-48d9-a2d8-416eae447a32?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/2f4888e1-98b3-48d9-a2d8-416eae447a32?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/grey-opaque\\\/2.0.1\\\/functions-shortcodes.php#L34\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/grey-opaque\\\/2.0.1\\\/functions-shortcodes.php#L34\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7486","slug":"multipurpose","versionImpact":"1.2.0","versionEndExcluding":"","description":"The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e029bc15-8128-42d1-8874-b0689312cb35?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e029bc15-8128-42d1-8874-b0689312cb35?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/multipurpose\\\/1.2.0\\\/functions.php#L134\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/multipurpose\\\/1.2.0\\\/functions.php#L134\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5965","slug":"mosaic","versionImpact":"1.7.1","versionEndExcluding":"","description":"The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link\u2019 parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6921da1b-e63d-479a-9786-9b1bd8201d69?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6921da1b-e63d-479a-9786-9b1bd8201d69?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/mosaic\\\/1.7.1\\\/shortcodes.php#L165\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/mosaic\\\/1.7.1\\\/shortcodes.php#L165\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-10847","slug":"storely","versionImpact":"18","versionEndExcluding":"","description":"The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/storely\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/storely\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3a3fe11-76cc-4304-91b7-b9bc61f0ff70?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b3a3fe11-76cc-4304-91b7-b9bc61f0ff70?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-7194","slug":"meris","versionImpact":"1.1.2","versionEndExcluding":"","description":"The Meris WordPress theme through 1.1.2 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e20292af-939a-4cb1-91e4-5ff6aa0c7fbe\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/e20292af-939a-4cb1-91e4-5ff6aa0c7fbe\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7434","slug":"ultrapress","versionImpact":"1.2.1","versionEndExcluding":"","description":"The UltraPress theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9cf97a6-38bb-4499-98f0-ca2b7111f654?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c9cf97a6-38bb-4499-98f0-ca2b7111f654?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/ultrapress\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/ultrapress\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7433","slug":"empowerment","versionImpact":"1.0.2","versionEndExcluding":"","description":"The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d96d38a-7f0e-4e47-ba49-727705eaaac6?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3d96d38a-7f0e-4e47-ba49-727705eaaac6?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/empowerment\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/empowerment\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1388","slug":"yuki","versionImpact":"1.3.13","versionEndExcluding":"","description":"The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d964e0ef-f14e-463b-bf4e-3f25788df03c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d964e0ef-f14e-463b-bf4e-3f25788df03c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/217428\\\/yuki\\\/1.3.14\\\/inc\\\/extensions\\\/class-reset-extension.php\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset\\\/217428\\\/yuki\\\/1.3.14\\\/inc\\\/extensions\\\/class-reset-extension.php\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-7432","slug":"unseen-blog","versionImpact":"1.0.0","versionEndExcluding":"","description":"The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a14b86f-a5c8-4ec2-9940-68a37a6c4a86?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/1a14b86f-a5c8-4ec2-9940-68a37a6c4a86?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/unseen-blog\\\/\",\"name\":\"https:\\\/\\\/wordpress.org\\\/themes\\\/unseen-blog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1468","slug":"Avada","versionImpact":"7.11.4","versionEndExcluding":"","description":"The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cde6e758-9723-43f2-9972-32be8aeb2b91?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cde6e758-9723-43f2-9972-32be8aeb2b91?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"name\":\"https:\\\/\\\/avada.com\\\/documentation\\\/avada-changelog\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2022-47146","slug":"realestate-7","versionImpact":"3.3.1","versionEndExcluding":"","description":"Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/realestate-7\\\/wordpress-real-estate-7-theme-3-3-1-cross-site-scripting-xss?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/vulnerability\\\/realestate-7\\\/wordpress-real-estate-7-theme-3-3-1-cross-site-scripting-xss?_s_id=cve\",\"refsource\":\"MISC\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28947","slug":"mbstore","versionImpact":"2.3","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme MBStore - Digital WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects MBStore - Digital WooCommerce WordPress Theme: from n\/a through 2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/mbstore\\\/vulnerability\\\/wordpress-mbstore-digital-woocommerce-wordpress-theme-2-3-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/mbstore\\\/vulnerability\\\/wordpress-mbstore-digital-woocommerce-wordpress-theme-2-3-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25998","slug":"samex","versionImpact":"2.6","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Samex - Clean, Minimal Shop WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Samex - Clean, Minimal Shop WooCommerce WordPress Theme: from n\/a through 2.6.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/samex\\\/vulnerability\\\/wordpress-samex-clean-minimal-shop-woocommerce-wordpress-theme-2-6-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/samex\\\/vulnerability\\\/wordpress-samex-clean-minimal-shop-woocommerce-wordpress-theme-2-6-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5529","slug":"educenter","versionImpact":"1.6.2","versionEndExcluding":"","description":"The Educenter theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Circle Counter Block in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/educenter\\\/1.6.2\\\/blocks-extends\\\/blocks\\\/circle-counter.php#L46\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/educenter\\\/1.6.2\\\/blocks-extends\\\/blocks\\\/circle-counter.php#L46\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f524163-4d4c-40fc-b58a-311f1f6cac15?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/6f524163-4d4c-40fc-b58a-311f1f6cac15?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52481","slug":"jobify","versionImpact":"4.2.3","versionEndExcluding":"","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n\/a through 4.2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-theme-4-2-3-unauthenticated-arbitrary-file-read-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-theme-4-2-3-unauthenticated-arbitrary-file-read-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-39485","slug":"grandtour","versionImpact":"5.5.1","versionEndExcluding":"","description":"Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n\/a through 5.5.1.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandtour\\\/vulnerability\\\/wordpress-grandtour-theme-5-5-1-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/grandtour\\\/vulnerability\\\/wordpress-grandtour-theme-5-5-1-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-12281","slug":"homey","versionImpact":"2.4.2","versionEndExcluding":"","description":"The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Editor or Shop Manager role.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/homey-booking-wordpress-theme\\\/23338013\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b93c33c-4ab1-48a2-b84d-3cb38ccea829?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/3b93c33c-4ab1-48a2-b84d-3cb38ccea829?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32292","slug":"jarvis","versionImpact":"1.8.11","versionEndExcluding":"","description":"Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis \u2013 Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis \u2013 Night Club, Concert, Festival WordPress: from n\/a through 1.8.11.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jarvis\\\/vulnerability\\\/wordpress-jarvis-night-club-concert-festival-wordpress-1-8-11-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jarvis\\\/vulnerability\\\/wordpress-jarvis-night-club-concert-festival-wordpress-1-8-11-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31912","slug":"enzio","versionImpact":"1.1.8","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme allows PHP Local File Inclusion. This issue affects Enzio - Responsive Business WordPress Theme: from n\/a through 1.1.8.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/enzio\\\/vulnerability\\\/wordpress-enzio-responsive-business-wordpress-theme-1-1-8-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/enzio\\\/vulnerability\\\/wordpress-enzio-responsive-business-wordpress-theme-1-1-8-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31633","slug":"kiamo","versionImpact":"1.3.3","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Business Service WordPress Theme: from n\/a through 1.3.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/kiamo\\\/vulnerability\\\/wordpress-kiamo-responsive-business-service-wordpress-theme-1-3-3-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/kiamo\\\/vulnerability\\\/wordpress-kiamo-responsive-business-service-wordpress-theme-1-3-3-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13815","slug":"listingo","versionImpact":"3.2.7","versionEndExcluding":"","description":"The The Listingo theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listingo-business-listing-wordpress-directory-theme\\\/20617051\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/listingo-business-listing-wordpress-directory-theme\\\/20617051\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4595a79-c7d0-4e37-b19b-9ae985c9d713?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/e4595a79-c7d0-4e37-b19b-9ae985c9d713?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13811","slug":"lafka","versionImpact":"4.5.7","versionEndExcluding":"","description":"The Lafka - Multi Store Burger - Pizza & Food Delivery WooCommerce Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafka_import_lafka' AJAX actions in all versions up to, and including, 4.5.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo data that overrides the site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/lafka-fast-food-restaurant-woocommerce-theme\\\/23969682\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/lafka-fast-food-restaurant-woocommerce-theme\\\/23969682\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50d60e4f-7680-4ec0-9183-bdc8439679db?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/50d60e4f-7680-4ec0-9183-bdc8439679db?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13810","slug":"zass","versionImpact":"3.9.9.10","versionEndExcluding":"","description":"The Zass - WooCommerce Theme for Handmade Artists and Artisans theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'zass_import_zass' AJAX actions in all versions up to, and including, 3.9.9.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import demo content and overwrite the site.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zass-wordpress-woocommerce-theme\\\/19614113\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/zass-wordpress-woocommerce-theme\\\/19614113\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d85e54c2-dff6-42e6-8123-767438f9c5f1?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d85e54c2-dff6-42e6-8123-767438f9c5f1?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13787","slug":"veda","versionImpact":"4.2","versionEndExcluding":"","description":"The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/veda-multipurpose-theme\\\/15860489\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/veda-multipurpose-theme\\\/15860489\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0966138-b28b-4c03-a2cf-b51c5f478276?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/d0966138-b28b-4c03-a2cf-b51c5f478276?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-5014","slug":"homevillas-real-estate","versionImpact":"2.8","versionEndExcluding":"","description":"The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wp_rem_cs_widget_file_delete' function in all versions up to, and including, 2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/homevillas-real-estate\\\/include\\\/backend\\\/cs-widgets\\\/import\\\/cs-class-widget-data.php#L384\",\"name\":\"http:\\\/\\\/localhost:1337\\\/wp-content\\\/themes\\\/homevillas-real-estate\\\/include\\\/backend\\\/cs-widgets\\\/import\\\/cs-class-widget-data.php#L384\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd4f2ca-9c27-4de0-ac82-3cd107b6a092?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/afd4f2ca-9c27-4de0-ac82-3cd107b6a092?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52479","slug":"jobify","versionImpact":"4.2.3","versionEndExcluding":"","description":"Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify - Job Board WordPress Theme: from n\/a through 4.2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-plugin-4-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-52478","slug":"jobify","versionImpact":"4.2.3","versionEndExcluding":"","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS.This issue affects Jobify - Job Board WordPress Theme: from n\/a through 4.2.3.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-theme-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/jobify\\\/vulnerability\\\/wordpress-jobify-theme-4-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5964","slug":"zenon-lite","versionImpact":"1.9","versionEndExcluding":"","description":"The Zenon Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the theme's Button shortcode in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e9b004a-2050-47e8-ac4d-491b715c87d2?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/7e9b004a-2050-47e8-ac4d-491b715c87d2?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/zenon-lite\\\/1.9\\\/lib\\\/includes\\\/shortcodes.php#L138\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/zenon-lite\\\/1.9\\\/lib\\\/includes\\\/shortcodes.php#L138\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5925","slug":"theron-lite","versionImpact":"2.0","versionEndExcluding":"","description":"The Theron Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the theme's Button shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4737bb2-1bb4-4986-9df5-5978fc46f2ec?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/b4737bb2-1bb4-4986-9df5-5978fc46f2ec?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/theron-lite\\\/2.0\\\/lib\\\/includes\\\/shortcodes.php#L76\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/theron-lite\\\/2.0\\\/lib\\\/includes\\\/shortcodes.php#L76\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5922","slug":"scylla-lite","versionImpact":"1.8.3","versionEndExcluding":"","description":"The Scylla lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the theme's Button shortcode in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c57bffc8-1ee5-4380-a78f-f4fc8c606861?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c57bffc8-1ee5-4380-a78f-f4fc8c606861?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/scylla-lite\\\/1.8.3\\\/lib\\\/includes\\\/shortcodes.php#L139\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/scylla-lite\\\/1.8.3\\\/lib\\\/includes\\\/shortcodes.php#L139\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5884","slug":"beauty","versionImpact":"1.1.4","versionEndExcluding":"","description":"The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018tpl_featured_cat_id\u2019 parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1089958-a481-47b1-9dc6-799a1a7930c8?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/c1089958-a481-47b1-9dc6-799a1a7930c8?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/beauty\\\/1.1.4\\\/functions.php#L46\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/beauty\\\/1.1.4\\\/functions.php#L46\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5870","slug":"tweaker5","versionImpact":"1.2","versionEndExcluding":"","description":"The Tweaker5 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the theme's Button shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f70ba568-b013-4177-928a-eefb606333ee?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f70ba568-b013-4177-928a-eefb606333ee?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/tweaker5\\\/1.2\\\/inc\\\/extras.php#L175\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/tweaker5\\\/1.2\\\/inc\\\/extras.php#L175\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5796","slug":"infinite","versionImpact":"1.1.2","versionEndExcluding":"","description":"The Infinite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018project_url\u2019 parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/673f0910-8121-4344-b756-2ed5418fdc6b?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/673f0910-8121-4344-b756-2ed5418fdc6b?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/infinite\\\/1.1.2\\\/framework\\\/metaboxes\\\/metaboxes.php#L79\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/infinite\\\/1.1.2\\\/framework\\\/metaboxes\\\/metaboxes.php#L79\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5869","slug":"neighborly","versionImpact":"1.4","versionEndExcluding":"","description":"The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018url\u2019 parameter within the theme's Button shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f65834c6-6da7-4033-aa2a-a4926d6c955d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/f65834c6-6da7-4033-aa2a-a4926d6c955d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/neighborly\\\/1.4\\\/inc\\\/extras.php#L151\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/neighborly\\\/1.4\\\/inc\\\/extras.php#L151\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5788","slug":"silesia","versionImpact":"1.0.6","versionEndExcluding":"","description":"The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link\u2019 attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0183625a-611c-4353-9d2a-7a25ae12709a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/0183625a-611c-4353-9d2a-7a25ae12709a?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/silesia\\\/1.0.6\\\/functions\\\/shortcodes.php#L128\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/silesia\\\/1.0.6\\\/functions\\\/shortcodes.php#L128\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5867","slug":"delicate","versionImpact":"3.5.5","versionEndExcluding":"","description":"The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' parameter within the theme's Button shortcode in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbf491d6-e546-4e3f-88c2-237b647a2b1e?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/dbf491d6-e546-4e3f-88c2-237b647a2b1e?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/delicate\\\/3.5.5\\\/functions\\\/shortcodes.php#L128\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/delicate\\\/3.5.5\\\/functions\\\/shortcodes.php#L128\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5789","slug":"triton-lite","versionImpact":"1.3","versionEndExcluding":"","description":"The Triton Lite theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the theme's Button shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/049efe5a-3f68-46ad-b73a-1892f03c9d1d?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/049efe5a-3f68-46ad-b73a-1892f03c9d1d?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/triton-lite\\\/1.3\\\/lib\\\/includes\\\/shortcodes.php#L136\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/triton-lite\\\/1.3\\\/lib\\\/includes\\\/shortcodes.php#L136\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-52807","slug":"kossy","versionImpact":"1.45","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n\/a through 1.45.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/kossy\\\/vulnerability\\\/wordpress-kossy-minimalist-ecommerce-wordpress-theme-1-45-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/kossy\\\/vulnerability\\\/wordpress-kossy-minimalist-ecommerce-wordpress-theme-1-45-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-32311","slug":"pressroom","versionImpact":"6.9","versionEndExcluding":"","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Pressroom - News Magazine WordPress Theme allows Reflected XSS. This issue affects Pressroom - News Magazine WordPress Theme: from n\/a through 6.9.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/pressroom\\\/vulnerability\\\/wordpress-pressroom-news-magazine-wordpress-theme-theme-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/pressroom\\\/vulnerability\\\/wordpress-pressroom-news-magazine-wordpress-theme-theme-6-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-4606","slug":"sala","versionImpact":"1.1.4","versionEndExcluding":"","description":"The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/sala-startup-saas-wordpress-theme\\\/33843955?s_rank=4\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/sala-startup-saas-wordpress-theme\\\/33843955?s_rank=4\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa385a1f-1623-4f0a-bb2f-d4564b8f91bf?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/aa385a1f-1623-4f0a-bb2f-d4564b8f91bf?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13307","slug":"reales-wp-real-estate-wordpress-theme","versionImpact":"2.1.2","versionEndExcluding":"","description":"The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_remove_from_favourites' functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reales-wp-real-estate-wordpress-theme\\\/10330568\",\"name\":\"https:\\\/\\\/themeforest.net\\\/item\\\/reales-wp-real-estate-wordpress-theme\\\/10330568\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb94caa4-35a4-4aa3-8d25-263bbd58072a?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/cb94caa4-35a4-4aa3-8d25-263bbd58072a?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-2558","slug":"the-wound","versionImpact":"0.0.1","versionEndExcluding":"","description":"The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function\/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a8e1c89-a01d-4347-91fc-ba454784b153\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a8e1c89-a01d-4347-91fc-ba454784b153\\\/\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a8e1c89-a01d-4347-91fc-ba454784b153\\\/\",\"name\":\"https:\\\/\\\/wpscan.com\\\/vulnerability\\\/6a8e1c89-a01d-4347-91fc-ba454784b153\\\/\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-5938","slug":"boot-store","versionImpact":"1.6.4","versionEndExcluding":"","description":"The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018link\u2019 parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8256b8e4-f8c5-4feb-b6e4-668ed3b6fccd?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/8256b8e4-f8c5-4feb-b6e4-668ed3b6fccd?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/boot-store\\\/1.6.4\\\/admin\\\/bootstrap-shortcode.php#L63\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/boot-store\\\/1.6.4\\\/admin\\\/bootstrap-shortcode.php#L63\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-2500","slug":"colormag","versionImpact":"3.1.6","versionEndExcluding":"","description":"The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4b44d89-6f1e-4a23-91ea-e79fc3221183?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/a4b44d89-6f1e-4a23-91ea-e79fc3221183?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/colormag\\\/3.1.6\\\/inc\\\/template-tags.php#L845\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/colormag\\\/3.1.6\\\/inc\\\/template-tags.php#L845\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=221537%40colormag&new=221537%40colormag&sfp_email=&sfph_mail=\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&old=221537%40colormag&new=221537%40colormag&sfp_email=&sfph_mail=\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-1771","slug":"total","versionImpact":"2.1.59","versionEndExcluding":"","description":"The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat sections on the homepage.","recommendation":"","refs":"[{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26b64ae3-5839-47d5-9c65-7c595bb18e6c?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/26b64ae3-5839-47d5-9c65-7c595bb18e6c?source=cve\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/total\\\/2.1.59\\\/inc\\\/customizer\\\/customizer-functions.php#L112\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/total\\\/2.1.59\\\/inc\\\/customizer\\\/customizer-functions.php#L112\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=219020%40total%2F2.1.60&old=216973%40total%2F2.1.59\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/changeset?sfp_email=&sfph_mail=&reponame=&new=219020%40total%2F2.1.60&old=216973%40total%2F2.1.59\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2015-4582","slug":"boot-store","versionImpact":"1.6.4","versionEndExcluding":"","description":"The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/boot-store\\\/1.6.4\\\/header.php#L348\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/boot-store\\\/1.6.4\\\/header.php#L348\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31396","slug":"flap","versionImpact":"1.5","versionEndExcluding":"","description":"Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n\/a through 1.5.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/flap\\\/vulnerability\\\/wordpress-flap-business-wordpress-theme-1-5-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/flap\\\/vulnerability\\\/wordpress-flap-business-wordpress-theme-1-5-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-28945","slug":"valen","versionImpact":"2.4","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Valen - Sport, Fashion WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects Valen - Sport, Fashion WooCommerce WordPress Theme: from n\/a through 2.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/valen\\\/vulnerability\\\/wordpress-valen-sport-fashion-woocommerce-wordpress-theme-2-4-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/valen\\\/vulnerability\\\/wordpress-valen-sport-fashion-woocommerce-wordpress-theme-2-4-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2023-25999","slug":"bodycenter","versionImpact":"2.4","versionEndExcluding":"","description":"Improper Control of Filename for Include\/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme BodyCenter - Gym, Fitness WooCommerce WordPress Theme allows PHP Local File Inclusion. This issue affects BodyCenter - Gym, Fitness WooCommerce WordPress Theme: from n\/a through 2.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/bodycenter\\\/vulnerability\\\/wordpress-bodycenter-gym-fitness-woocommerce-wordpress-theme-2-4-local-file-inclusion-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/bodycenter\\\/vulnerability\\\/wordpress-bodycenter-gym-fitness-woocommerce-wordpress-theme-2-4-local-file-inclusion-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2024-13545","slug":"bootstrap-ultimate","versionImpact":"1.4.9","versionEndExcluding":"","description":"The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attackers to include PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. If php:\/\/filter is enabled on the server, this issue may directly lead to Remote Code Execution.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/bootstrap-ultimate\\\/1.4.9\\\/docs\\\/index.php#L8\",\"name\":\"https:\\\/\\\/themes.trac.wordpress.org\\\/browser\\\/bootstrap-ultimate\\\/1.4.9\\\/docs\\\/index.php#L8\",\"refsource\":\"\",\"tags\":[]},{\"url\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae07af10-e5fc-4f28-a343-f56c0e2bc324?source=cve\",\"name\":\"https:\\\/\\\/www.wordfence.com\\\/threat-intel\\\/vulnerabilities\\\/id\\\/ae07af10-e5fc-4f28-a343-f56c0e2bc324?source=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31427","slug":"invico","versionImpact":"1.9","versionEndExcluding":"","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Invico - WordPress Consulting Business Theme allows Reflected XSS. This issue affects Invico - WordPress Consulting Business Theme: from n\/a through 1.9.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/invico\\\/vulnerability\\\/wordpress-invico-wordpress-consulting-business-theme-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/invico\\\/vulnerability\\\/wordpress-invico-wordpress-consulting-business-theme-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31422","slug":"visual-arts","versionImpact":"2.4","versionEndExcluding":"","description":"Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme allows Object Injection. This issue affects Visual Art | Gallery WordPress Theme: from n\/a through 2.4.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/visual-arts\\\/vulnerability\\\/wordpress-visual-art-gallery-wordpress-theme-2-4-php-object-injection-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/visual-arts\\\/vulnerability\\\/wordpress-visual-art-gallery-wordpress-theme-2-4-php-object-injection-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31072","slug":"ofiz","versionImpact":"2.0","versionEndExcluding":"","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Ofiz - WordPress Business Consulting Theme allows Reflected XSS. This issue affects Ofiz - WordPress Business Consulting Theme: from n\/a through 2.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/ofiz\\\/vulnerability\\\/wordpress-ofiz-wordpress-business-consulting-theme-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/ofiz\\\/vulnerability\\\/wordpress-ofiz-wordpress-business-consulting-theme-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}
{"CVE_ID":"CVE-2025-31055","slug":"electrician","versionImpact":"1.0","versionEndExcluding":"","description":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vergatheme Electrician - Electrical Service WordPress allows Reflected XSS. This issue affects Electrician - Electrical Service WordPress: from n\/a through 1.0.","recommendation":"No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.","refs":"[{\"url\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/electrician\\\/vulnerability\\\/wordpress-electrician-electrical-service-wordpress-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"name\":\"https:\\\/\\\/patchstack.com\\\/database\\\/wordpress\\\/theme\\\/electrician\\\/vulnerability\\\/wordpress-electrician-electrical-service-wordpress-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve\",\"refsource\":\"\",\"tags\":[]}]"}