CVE-2023-2813 - Aapna Plugin

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box 
reflecting the results, causing XSS, which allows an unauthenticated attacker to exploit users if they click a malicious link.

CVE-2023-2813

Severity: MEDIUM (CVSS 6.1)
Published: 2023-09-04
Updated: 2024-11-21
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Components: 101
Reference Links: 1
AI Risk Engine: Elevated (59/100)
Exploitability: Medium
Active Exploitation: No strong signal
Published Exploit Status: No public exploit references
Priority: P3

Threat Timeline

  1. 2023-09-04: CVE published and first recorded in the threat feed.
  2. 2024-11-21: Record updated with latest vulnerability metadata.
  3. 2026-04-09: AI technical context refreshed for mitigation and impact guidance.
  4. Now: Monitoring for follow-up changes, linked references, and new related CVEs.

AI Context

Machine-generated threat intelligence

AI enriched 7 days ago (2026-04-09 07:14 UTC)

Technical Summary

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop…

Potential Impact

Severity is MEDIUM (CVSS 6.1). Depending on deployment context, affected components may be exposed to unauthorized actions or data integrity risk.

Exploitability Assessment

Exploitability is assessed as Medium based on low-bar exploit prerequisites.

Primary risk drivers: low-bar exploit prerequisites

Mitigation Recommendations

Validate affected product versions, prioritize patching, and monitor references for vendor remediation guidance. If immediate patching is not possible, apply compensating controls and limit exposure of vulnerable surfaces.

Detection & Monitoring

Track authentication anomalies, unexpected file writes, and suspicious plugin API activity around affected components.

Business Impact Lens

Prioritize remediation where affected components process customer data, admin sessions, or Internet-exposed workflows.

Affected Products

Aapna PLUGIN · aapna Affected: <= 1.3 Fixed version not specified
Anand PLUGIN · anand Affected: <= 1.2 Fixed version not specified
Anfaust PLUGIN · anfaust Affected: <= 1.1 Fixed version not specified
Arendelle PLUGIN · arendelle Affected: < 1.1.13 Fixed in: 1.1.13
Atlast Business PLUGIN · atlast-business Affected: <= 1.5.8.5 Fixed version not specified
Bazaar Lite PLUGIN · bazaar-lite Affected: < 1.8.6 Fixed in: 1.1.13
Brain Power PLUGIN · brain-power Affected: <= 1.2 Fixed version not specified
Bunnypress Lite PLUGIN · bunnypress-lite Affected: <= 2.1 Fixed version not specified
Cafe Bistro PLUGIN · cafe-bistro Affected: < 1.1.4 Fixed in: 1.1.4
College PLUGIN · college Affected: < 1.5.1 Fixed in: 1.1.13
Connections Reloaded PLUGIN · connections-reloaded Affected: <= 3.1 Fixed version not specified
Counterpoint PLUGIN · counterpoint Affected: <= 1.8.1 Fixed version not specified
Digitally PLUGIN · digitally Affected: <= 1.0.8 Fixed version not specified
Directory PLUGIN · directory Affected: < 3.0.2 Fixed in: 1.1.13
Drop PLUGIN · drop Affected: < 1.22 Fixed in: 1.1.13
Everse PLUGIN · everse Affected: < 1.2.4 Fixed in: 1.1.13
Fashionable Store PLUGIN · fashionable-store Affected: <= 1.3.4 Fixed version not specified
Fullbase PLUGIN · fullbase Affected: < 1.2.1 Fixed in: 1.1.13
Ilex PLUGIN · ilex Affected: < 1.4.2 Fixed in: 1.1.13
Js O3 Lite PLUGIN · js-o3-lite Affected: <= 1.5.8.2 Fixed version not specified
Js Paper PLUGIN · js-paper Affected: <= 2.5.7 Fixed version not specified
Kata PLUGIN · kata Affected: < 1.2.9 Fixed in: 1.1.13
Looki Lite PLUGIN · looki-lite Affected: < 1.3.0 Fixed in: 1.1.13
Moseter PLUGIN · moseter Affected: <= 1.3.1 Fixed version not specified
Nokke PLUGIN · nokke Affected: < 1.2.4 Fixed in: 1.1.13
Nothing Personal PLUGIN · nothing-personal Affected: <= 1.0.7 Fixed version not specified
Offset Writing PLUGIN · offset-writing Affected: <= 1.2 Fixed version not specified
Opor Ayam PLUGIN · opor-ayam Affected: <= 1.8 Fixed version not specified
Pinzolo PLUGIN · pinzolo Affected: < 1.2.10 Fixed in: 1.1.13
Plato PLUGIN · plato Affected: < 1.1.9 Fixed in: 1.1.9
Polka Dots PLUGIN · polka-dots Affected: <= 1.2 Fixed version not specified
Purity Of Soul PLUGIN · purity-of-soul Affected: <= 1.9 Fixed version not specified
Restaurant Pt PLUGIN · restaurant-pt Affected: < 1.1.3 Fixed in: 1.1.3
Saul PLUGIN · saul Affected: < 1.1.0 Fixed in: 1.1.0
Saul Lite PLUGIN · saul-lite Affected: < 1.4.6 Fixed in: 1.1.13
Tantyyellow PLUGIN · tantyyellow Affected: <= 1.0.0.5 Fixed version not specified
Tijaji PLUGIN · tijaji Affected: <= 1.43 Fixed version not specified
Tiki Time PLUGIN · tiki-time Affected: <= 1.3 Fixed version not specified
Tuaug4 PLUGIN · tuaug4 Affected: <= 1.4 Fixed version not specified
Tydskrif PLUGIN · tydskrif Affected: <= 1.1.3 Fixed version not specified
Ultralight PLUGIN · ultralight Affected: <= 1.2 Fixed version not specified
Venice Lite PLUGIN · venice-lite Affected: <= 1.5.5 Fixed version not specified
Viala PLUGIN · viala Affected: <= 1.3.1 Fixed version not specified
Viburno PLUGIN · viburno Affected: < 1.3.2 Fixed in: 1.1.13
Wedding Bride PLUGIN · wedding-bride Affected: < 1.0.2 Fixed in: 1.0.2
Wlow PLUGIN · wlow Affected: < 1.2.7 Fixed in: 1.1.13
All Of The Above Aapna THEME · all-of-the-above-aapna Affected: < 1.1.13 Fixed in: 1.1.13
Anand THEME · anand Affected: < 1.1.13 Fixed in: 1.1.13
Anfaust THEME · anfaust Affected: < 1.1.13 Fixed in: 1.1.13
Arendelle THEME · arendelle Affected: < 1.1.13 Fixed in: 1.1.13
Atlast Business THEME · atlast-business Affected: < 1.1.13 Fixed in: 1.1.13
Bazaar Lite THEME · bazaar-lite Affected: < 1.1.13 Fixed in: 1.1.13
Before 1 THEME · before-1 Affected: < 1.1.13 Fixed in: 1.1.13
Before 2 THEME · before-2 Affected: < 1.1.13 Fixed in: 1.1.13
Before 3 THEME · before-3 Affected: < 1.1.13 Fixed in: 1.1.13
Brain Power THEME · brain-power Affected: < 1.1.13 Fixed in: 1.1.13
Bunnypresslite THEME · bunnypresslite Affected: < 1.1.13 Fixed in: 1.1.13
Cafe Bistro THEME · cafe-bistro Affected: < 1.1.13 Fixed in: 1.1.13
College THEME · college Affected: < 1.1.13 Fixed in: 1.1.13
Connections Reloaded THEME · connections-reloaded Affected: < 1.1.13 Fixed in: 1.1.13
Counterpoint THEME · counterpoint Affected: < 1.1.13 Fixed in: 1.1.13
Digitally THEME · digitally Affected: < 1.1.13 Fixed in: 1.1.13
Directory THEME · directory Affected: < 1.1.13 Fixed in: 1.1.13
Drop THEME · drop Affected: < 1.1.13 Fixed in: 1.1.13
Everse THEME · everse Affected: < 1.1.13 Fixed in: 1.1.13
Fashionable Store THEME · fashionable-store Affected: < 1.1.13 Fixed in: 1.1.13
Fullbase THEME · fullbase Affected: < 1.1.13 Fixed in: 1.1.13
Ilex THEME · ilex Affected: < 1.1.13 Fixed in: 1.1.13
Js O3 Lite THEME · js-o3-lite Affected: < 1.1.13 Fixed in: 1.1.13
Js Paper THEME · js-paper Affected: < 1.1.13 Fixed in: 1.1.13
Kata THEME · kata Affected: < 1.1.13 Fixed in: 1.1.13
Kata App THEME · kata-app Affected: < 1.1.13 Fixed in: 1.1.13
Kata Business THEME · kata-business Affected: < 1.1.13 Fixed in: 1.1.13
Looki Lite THEME · looki-lite Affected: < 1.1.13 Fixed in: 1.1.13
Moseter THEME · moseter Affected: < 1.1.13 Fixed in: 1.1.13
Nokke THEME · nokke Affected: < 1.1.13 Fixed in: 1.1.13
Nothing Personal THEME · nothing-personal Affected: < 1.1.13 Fixed in: 1.1.13
Offset Writing THEME · offset-writing Affected: < 1.1.13 Fixed in: 1.1.13
Opor Ayam THEME · opor-ayam Affected: < 1.1.13 Fixed in: 1.1.13
Pinzolo THEME · pinzolo Affected: < 1.1.13 Fixed in: 1.1.13
Plato THEME · plato Affected: < 1.1.13 Fixed in: 1.1.13
Polka Dots THEME · polka-dots Affected: < 1.1.13 Fixed in: 1.1.13
Purity Of Soul THEME · purity-of-soul Affected: < 1.1.13 Fixed in: 1.1.13
Restaurant Pt THEME · restaurant-pt Affected: < 1.1.13 Fixed in: 1.1.13
Saul THEME · saul Affected: < 1.1.13 Fixed in: 1.1.13
Sean Lite THEME · sean-lite Affected: < 1.1.13 Fixed in: 1.1.13
Tantyyellow THEME · tantyyellow Affected: < 1.1.13 Fixed in: 1.1.13
Through 1 THEME · through-1 Affected: < 1.1.13 Fixed in: 1.1.13
Through 18 THEME · through-18 Affected: < 1.1.13 Fixed in: 1.1.13
Through 2 THEME · through-2 Affected: < 1.1.13 Fixed in: 1.1.13
Through 3 THEME · through-3 Affected: < 1.1.13 Fixed in: 1.1.13
Tijaji THEME · tijaji Affected: < 1.1.13 Fixed in: 1.1.13
Tiki Time THEME · tiki-time Affected: < 1.1.13 Fixed in: 1.1.13
Tuaug4 THEME · tuaug4 Affected: < 1.1.13 Fixed in: 1.1.13
Tydskrif THEME · tydskrif Affected: < 1.1.13 Fixed in: 1.1.13
Ultralight THEME · ultralight Affected: < 1.1.13 Fixed in: 1.1.13
Venice Lite THEME · venice-lite Affected: < 1.1.13 Fixed in: 1.1.13
Viala THEME · viala Affected: < 1.1.13 Fixed in: 1.1.13
Viburno THEME · viburno Affected: < 1.1.13 Fixed in: 1.1.13
Wedding Bride THEME · wedding-bride Affected: < 1.1.13 Fixed in: 1.1.13
Wlow THEME · wlow Affected: < 1.1.13 Fixed in: 1.1.13