VYPR
Vendor

Ex Themes

Products
4
CVEs
6
Across products
6
Status
Private

Products

4

Recent CVEs

6
  • CVE-2025-31040HigApr 11, 2025
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Exthemes WP Food ordering and Restaurant Menu wp-food allows PHP Local File Inclusion.This issue affects WP Food ordering and Restaurant Menu: from n/a…

  • CVE-2025-54722HigNov 6, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WooTour woo-tour allows Reflected XSS.This issue affects WooTour: from n/a through <= 3.6.3.

  • CVE-2026-32440MedMar 13, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Ex-Themes WP Food wp-food allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Food: from n/a through < 2.7.1.

  • CVE-2025-60121MedSep 26, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Ex-Themes WooEvents woo-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooEvents: from n/a through <= 4.1.7.

  • CVE-2024-13415MedJan 31, 2025
    risk 0.28cvss 4.3epss 0.00

    The Food Menu – Restaurant Menu & Online Ordering for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 5.1.4. This makes it possible for authenticated…

  • CVE-2024-13792Feb 20, 2025
    risk 0.00cvss epss 0.01

    The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before…