Xtemos

Woodmart

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-23971

  • EPSS 0.05%
  • Veröffentlicht 25.03.2026 16:14:29
  • Zuletzt bearbeitet 06.04.2026 20:16:21

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8.

5.3

CVE-2026-32405

  • EPSS 0.04%
  • Veröffentlicht 13.03.2026 11:42:13
  • Zuletzt bearbeitet 17.03.2026 14:16:16

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.This issue affects WoodMart: from n/a through <= 8.3.9.

6.1

CVE-2025-47600

  • EPSS 0.04%
  • Veröffentlicht 22.01.2026 16:51:40
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through <= 8.3.7.

7.4

CVE-2025-49935

  • EPSS 0.13%
  • Veröffentlicht 22.10.2025 14:32:16
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2.

6.5

CVE-2025-49936

  • EPSS 0.03%
  • Veröffentlicht 22.10.2025 14:32:16
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue affects WoodMart: from n/a through < 8.3.2.

5.3

CVE-2025-8097

  • EPSS 0.28%
  • Veröffentlicht 26.07.2025 06:43:22
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for...

5.3

CVE-2025-6745

  • EPSS 0.1%
  • Veröffentlicht 11.07.2025 07:22:59
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible...

7.3

CVE-2025-6744

  • EPSS 0.78%
  • Veröffentlicht 08.07.2025 09:22:30
  • Zuletzt bearbeitet 09.07.2025 13:47:24

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do...

5.4

CVE-2025-6743

  • EPSS 0.04%
  • Veröffentlicht 08.07.2025 06:41:58
  • Zuletzt bearbeitet 09.07.2025 13:50:02

The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attrib...

8.8

CVE-2025-6746

  • EPSS 0.16%
  • Veröffentlicht 08.07.2025 06:41:58
  • Zuletzt bearbeitet 09.07.2025 13:49:30

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include an...