Themeisle

All CVEs

72 total · sorted by risk
  • CVE-2024-30235 · Med · Mar 26, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

  • CVE-2024-1092 · Med · Feb 5, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This…

  • CVE-2024-1162 · Med · Feb 2, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated…

  • CVE-2024-1047 · Med · Feb 2, 2024
    risk 0.27 · cvss 5.3 · epss 0.01

    Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update…

  • CVE-2023-7019 · Med · Jan 11, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible…

  • CVE-2020-36758 · Med · Oct 20, 2023
    risk 0.21 · cvss 4.3 · epss 0.00

    The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated…

  • CVE-2023-2608 · Low · May 17, 2023
    risk 0.20 · cvss 3.1 · epss 0.00

    The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and…

  • CVE-2024-51671 · Low · Nov 19, 2024
    risk 0.18 · cvss 2.7 · epss 0.00

    Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Otter - Gutenberg Block: from n/a through <= 3.0.3.

  • CVE-2019-15858 · Sep 3, 2019
    risk 0.06 · cvss · epss 0.21

    admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

  • CVE-2023-2256 · May 30, 2023
    risk 0.02 · cvss · epss 0.01

    The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.

  • CVE-2024-10705 · Jan 26, 2025
    risk 0.00 · cvss · epss 0.00

    The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.5 via the 'mpg_download_file_by_link' function. This makes it possible for authenticated attackers, with editor-level access and…

  • CVE-2024-13183 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.00

    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_tag’ parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2025-0311 · Jan 10, 2025
    risk 0.00 · cvss · epss 0.00

    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-10672 · Nov 12, 2024
    risk 0.00 · cvss · epss 0.00

    The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for…

  • CVE-2024-7778 · Aug 22, 2024
    risk 0.00 · cvss · epss 0.00

    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-35728 · Jun 10, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion. This issue affects PPOM for WooCommerce: from n/a through 32.0.20.

  • CVE-2024-35736 · Jun 8, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer. This issue affects Visualizer: from n/a through 3.11.1.

  • CVE-2023-2287 · May 30, 2023
    risk 0.00 · cvss · epss 0.01

    The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of…

  • CVE-2023-1839 · May 15, 2023
    risk 0.00 · cvss · epss 0.00

    The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…

  • CVE-2022-47143 · Mar 14, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.

  • CVE-2021-25018 · Feb 14, 2022
    risk 0.00 · cvss · epss 0.01

    The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated user to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could…

  • CVE-2019-14773 · Aug 8, 2019
    risk 0.00 · cvss · epss 0.02

    admin/includes/class.actions.snippet.php in the "Woody ad snippets" plugin through 2.2.5 for WordPress allows wp-admin/admin-post.php?action=close&post= deletion.

Page 2 of 2