VYPR
Vendor

Spicethemes

Products
3
CVEs
3
Across products
3
Status
Private

Products

3

Recent CVEs

3
  • CVE-2026-39621HigApr 8, 2026
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through <= 2.3.2.5.

  • CVE-2024-44003HigSep 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through <= 1.2.5.

  • CVE-2023-5362MedOct 30, 2023
    risk 0.35cvss 6.4epss 0.01

    The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes.…