Designer
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54225 | Hig | 0.49 | 7.5 | 0.02 | Dec 9, 2024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion.This issue affects Designer: from n/a through <= 1.4.1. | ||
| CVE-2025-23987 | Med | 0.42 | 6.5 | 0.00 | Jan 31, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codegearthemes Designer designer allows DOM-Based XSS.This issue affects Designer: from n/a through <= 1.6.4. | ||
| CVE-2026-21338 | 0.00 | — | 0.00 | Feb 10, 2026 | Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||
| CVE-2026-21307 | 0.00 | — | 0.00 | Jan 13, 2026 | Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
- risk 0.49cvss 7.5epss 0.02
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in codegearthemes Designer designer allows PHP Local File Inclusion.This issue affects Designer: from n/a through <= 1.4.1.
- risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codegearthemes Designer designer allows DOM-Based XSS.This issue affects Designer: from n/a through <= 1.6.4.
- CVE-2026-21338Feb 10, 2026risk 0.00cvss —epss 0.00
Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2026-21307Jan 13, 2026risk 0.00cvss —epss 0.00
Substance3D - Designer versions 15.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.