Kata Plus
by Climaxthemes
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32572 | Cri | 0.64 | 9.8 | 0.01 | Apr 17, 2025 | Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through <= 1.5.3. | ||
| CVE-2024-50501 | Med | 0.42 | 6.5 | 0.00 | Oct 28, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Climax Themes Kata Plus kata-plus allows DOM-Based XSS.This issue affects Kata Plus: from n/a through <= 1.4.7. | ||
| CVE-2025-50009 | Med | 0.35 | 5.4 | 0.00 | Jun 20, 2025 | Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3. | ||
| CVE-2024-9376 | Med | 0.35 | 6.4 | 0.00 | Oct 29, 2024 | The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes… |
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through <= 1.5.3.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Climax Themes Kata Plus kata-plus allows DOM-Based XSS.This issue affects Kata Plus: from n/a through <= 1.4.7.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in Climax Themes Kata Plus kata-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kata Plus: from n/a through <= 1.5.3.
- risk 0.35cvss 6.4epss 0.00
The Kata Plus – Addons for Elementor – Widgets, Extensions and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes…