VYPR

The7

by WordPress

CVEs (7)

  • CVE-2025-63074HigDec 9, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through < 12.8.1.1.

  • CVE-2023-29100HigJun 23, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions.

  • CVE-2026-6646MedMay 15, 2026
    risk 0.42cvss 6.4epss 0.00

    The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode…

  • CVE-2025-11897MedOct 25, 2025
    risk 0.42cvss 6.4epss 0.00

    The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ the7_fancy_title_css’ parameter in all versions up to, and including, 12.9.1 due to insufficient input sanitization and output escaping. This…

  • CVE-2025-7726MedAug 9, 2025
    risk 0.42cvss 6.4epss 0.00

    The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and output escaping. The theme’s JavaScript reads user-supplied 'title' and…

  • CVE-2024-5451MedJun 25, 2024
    risk 0.42cvss 6.4epss 0.00

    The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and…

  • CVE-2023-32123MedNov 13, 2023
    risk 0.40cvss 6.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.This issue affects The7: from n/a through 11.7.3.