CVE-2024-13770
- EPSS 2.18%
- Veröffentlicht 13.02.2025 05:15:14
- Zuletzt bearbeitet 24.02.2025 17:08:04
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes...
CVE-2025-0837
- EPSS 0.07%
- Veröffentlicht 13.02.2025 05:15:14
- Zuletzt bearbeitet 24.02.2025 17:08:29
The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for aut...
CVE-2024-13769
- EPSS 0.06%
- Veröffentlicht 12.02.2025 05:15:12
- Zuletzt bearbeitet 24.02.2025 15:54:05
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up to, and incl...