VYPR

Dwt Directory And Listing Wordpress Theme

by WordPress

CVEs (3)

  • CVE-2024-12827CriJun 27, 2025
    risk 0.64cvss 9.8epss 0.00

    The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password…

  • CVE-2025-0169MedFeb 8, 2025
    risk 0.42cvss 6.4epss 0.00

    The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated…

  • CVE-2025-0170MedJan 16, 2025
    risk 0.40cvss 6.1epss 0.00

    The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated…