
Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total 471 | Critical 68 | High 135 | Medium 268
Showing 241-260 of 471 records
Threat Entry Updated 2025-02-18

CVE-2024-13867 - Listivo Classified Ads Wordpress Theme

The Listivo - Classified Ads WordPress Theme theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 2.3.67 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

THEME Listivo Classified Ads Wordpress Theme | CVE-2024-13867 | MEDIUM CVSS 6.1 | 2025-02-13

Threat Entry Updated 2025-02-24

CVE-2025-0661 - Dethemekit For Elementor

The DethemeKit For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the duplicate_post() function due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, draft, or scheduled posts that they should not have access to by duplicating the post.

THEME Dethemekit For Elementor | CVE-2025-0661 | MEDIUM CVSS 4.3 | 2025-02-13

Threat Entry Updated 2025-02-24

CVE-2024-13346 - Woocommerce Theme

The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.11.13. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

THEME Woocommerce | CVE-2024-13346 | HIGH CVSS 7.3 | 2025-02-13

Threat Entry Updated 2025-02-24

CVE-2024-13770 - Rtl Theme

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'view_more_posts' AJAX action. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional…

THEME Rtl | CVE-2024-13770 | HIGH CVSS 8.1 | 2025-02-13

Threat Entry Updated 2025-02-24

CVE-2025-0837 - Puzzles Theme

The Puzzles theme for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Puzzles | CVE-2025-0837 | MEDIUM CVSS 6.4 | 2025-02-13

Threat Entry Updated 2025-11-13

CVE-2024-10763 - Campress Theme

The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

THEME Campress | CVE-2024-10763 | CRITICAL CVSS 9.8 | 2025-02-13

Threat Entry Updated 2025-02-25

CVE-2024-13644 - Dethemekit For Elementor

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's De Gallery widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Dethemekit For Elementor | CVE-2024-13644 | MEDIUM CVSS 6.4 | 2025-02-13

Threat Entry Updated 2025-02-24

CVE-2024-13656 - Blog Theme

The Click Mag - Viral WordPress News Magazine/Blog Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the propanel_of_ajax_callback() function in all versions up to, and including, 3.6.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.

THEME Blog Theme | CVE-2024-13656 | HIGH CVSS 8.1 | 2025-02-12

Threat Entry Updated 2025-02-24

CVE-2024-13769 - Rtl Theme

The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the 'theme_options_ajax_post_action' AJAX action in all versions up to, and including, 4.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and inject malicious web scripts. The developer opted to remove the software from the repository, so an update is not available and it is recommended to find a replacement software.

THEME Rtl | CVE-2024-13769 | MEDIUM CVSS 6.4 | 2025-02-12

Threat Entry Updated 2025-02-25

CVE-2024-13421 - Real Estate 7 Theme

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.

THEME Real Estate 7 | CVE-2024-13421 | CRITICAL CVSS 9.8 | 2025-02-12

Threat Entry Updated 2025-02-25

CVE-2024-13653 - Zoxpress The All In One Wordpress News Theme

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

THEME Zoxpress The All In One Wordpress News Theme | CVE-2024-13653 | HIGH CVSS 8.8 | 2025-02-12

Threat Entry Updated 2025-02-24

CVE-2024-13654 - Zoxpress The All In One Wordpress News Theme

The ZoxPress - The All-In-One WordPress News Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'reset_options' function in all versions up to, and including, 2.12.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.

THEME Zoxpress The All In One Wordpress News Theme | CVE-2024-13654 | HIGH CVSS 8.1 | 2025-02-12

Threat Entry Updated 2025-02-11

CVE-2025-0169 - DWT Directory & Listing WordPress Theme

The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME DWT Directory & Listing WordPress Theme | CVE-2025-0169 | MEDIUM CVSS 6.4 | 2025-02-08

Threat Entry Updated 2025-02-04

CVE-2024-13529 - Socialv Social Network And Community Buddypress Theme

The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' function in all versions up to, and including, 2.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download arbitrary files from the target system.

THEME Socialv Social Network And Community Buddypress Theme | CVE-2024-13529 | MEDIUM CVSS 6.5 | 2025-02-04

Threat Entry Updated 2025-02-24

CVE-2024-13547 - Athemes Addons For Elementor

The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Athemes Addons For Elementor | CVE-2024-13547 | MEDIUM CVSS 6.4 | 2025-02-01

Threat Entry Updated 2025-02-04

CVE-2024-10847 - Storely Theme

The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Storely | CVE-2024-10847 | MEDIUM CVSS 6.4 | 2025-01-30

Threat Entry Updated 2025-02-04

CVE-2024-11936 - Zox News Theme

The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_options' function in all versions up to, and including, 3.16.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

THEME Zox News | CVE-2024-11936 | HIGH CVSS 8.8 | 2025-01-26

Threat Entry Updated 2025-01-24

CVE-2025-24666 - AI Chatbot for WordPress – Hyve Lite Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeIsle AI Chatbot for WordPress – Hyve Lite allows Stored XSS. This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through 1.2.2.

THEME AI Chatbot for WordPress – Hyve Lite | CVE-2025-24666 | MEDIUM CVSS 5.9 | 2025-01-24

Threat Entry Updated 2025-02-07

CVE-2024-13698 - Jobify Job Board Wordpress Theme

The Jobify - Job Board WordPress Theme for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the 'download_image_via_ai' and 'generate_image_via_ai' functions in all versions up to, and including, 4.2.7. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application to upload files in an image format, and to generate AI images using the site's OpenAI key.

THEME Jobify Job Board Wordpress | CVE-2024-13698 | MEDIUM CVSS 6.5 | 2025-01-24

Threat Entry Updated 2025-02-04

CVE-2024-10324 - Romethemekit For Elementor

The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.

THEME Romethemekit For Elementor | CVE-2024-10324 | MEDIUM CVSS 4.3 | 2025-01-24