VYPR

Theme Demo Bar

by WordPress

CVEs (2)

  • CVE-2025-2558HigApr 24, 2025
    risk 0.56cvss 8.6epss 0.02

    The-wound WordPress theme through 0.0.1 does not validate some parameters before using them to generate paths passed to include function/s, allowing unauthenticated users to perform LFI attacks and download arbitrary file from the server

  • CVE-2025-25134HigMar 26, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zenverse Theme Demo Bar wordpress-theme-demo-bar allows Reflected XSS.This issue affects Theme Demo Bar: from n/a through <= 1.6.3.