Woodmart
by Xtemos
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-32244 | Cri | 0.64 | 9.8 | 0.01 | May 17, 2024 | Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36. | ||
| CVE-2026-23971 | Hig | 0.53 | 8.1 | 0.00 | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8. | ||
| CVE-2025-49935 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2. | ||
| CVE-2023-41872 | Hig | 0.46 | 7.1 | 0.00 | Sep 25, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. | ||
| CVE-2025-49936 | Med | 0.42 | 6.5 | 0.00 | Oct 22, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2. | ||
| CVE-2023-32240 | Med | 0.35 | 5.4 | 0.00 | Jan 2, 2025 | Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1. | ||
| CVE-2023-32500 | Med | 0.35 | 5.4 | 0.00 | Nov 9, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions. | ||
| CVE-2023-32239 | Med | 0.35 | 5.4 | 0.00 | Jun 22, 2023 | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions. | ||
| CVE-2026-32405 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9. | ||
| CVE-2025-47600 | Med | 0.34 | 5.3 | 0.00 | Jan 22, 2026 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through <= 8.3.7. | ||
| CVE-2025-6744 | 0.00 | — | 0.00 | Jul 8, 2025 | The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the… | |||
| CVE-2025-6746 | 0.00 | — | 0.00 | Jul 8, 2025 | The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php… | |||
| CVE-2025-6743 | 0.00 | — | 0.00 | Jul 8, 2025 | The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible… |
- risk 0.64cvss 9.8epss 0.01
Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36.
- risk 0.53cvss 8.1epss 0.00
Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8.
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2.
- risk 0.46cvss 7.1epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions.
- risk 0.35cvss 5.4epss 0.00
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.
- risk 0.34cvss 5.3epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through <= 8.3.7.
- CVE-2025-6744Jul 8, 2025risk 0.00cvss —epss 0.00
The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the…
- CVE-2025-6746Jul 8, 2025risk 0.00cvss —epss 0.00
The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php…
- CVE-2025-6743Jul 8, 2025risk 0.00cvss —epss 0.00
The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…