VYPR

Weaver Xtreme

by WordPress

CVEs (2)

  • CVE-2023-1403MedJun 9, 2023
    risk 0.42cvss 6.4epss 0.01

    The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to…

  • CVE-2023-6990MedJan 11, 2024
    risk 0.35cvss 5.4epss 0.00

    The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). This makes it possible for…