VYPR
Vendor

Machothemes

Products
6
CVEs
8
Across products
16
Status
Private

Products

6

Recent CVEs

8
  • CVE-2020-36708CriJun 7, 2023
    risk 0.71cvss 9.8epss 0.65

    The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <=…

  • CVE-2020-36721MedJun 7, 2023
    risk 0.42cvss 6.5epss 0.01

    The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welco…

  • CVE-2023-0162MedJan 10, 2023
    risk 0.36cvss 5.5epss 0.01

    The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2022-3477Nov 14, 2022
    risk 0.05cvss epss 0.04

    The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their…

  • CVE-2023-28493May 8, 2023
    risk 0.00cvss epss 0.00

    Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.

  • CVE-2023-27619Apr 25, 2023
    risk 0.00cvss epss 0.00

    Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.

  • CVE-2022-4837Jan 30, 2023
    risk 0.00cvss epss 0.01

    The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used…

  • CVE-2021-24304Aug 9, 2021
    risk 0.00cvss epss 0.01

    The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.