CVE-2024-4939
- EPSS 0.2%
- Veröffentlicht 05.06.2024 08:15:09
- Zuletzt bearbeitet 21.11.2024 09:43:54
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied att...
CVE-2023-6990
- EPSS 0.13%
- Veröffentlicht 11.01.2024 09:15:54
- Zuletzt bearbeitet 21.11.2024 08:44:59
The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). Thi...
CVE-2023-4971
- EPSS 0.25%
- Veröffentlicht 16.10.2023 20:15:17
- Zuletzt bearbeitet 23.04.2025 17:16:48
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on...
CVE-2023-0276
- EPSS 0.09%
- Veröffentlicht 24.04.2023 19:15:08
- Zuletzt bearbeitet 04.02.2025 19:15:26
The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and...