Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2024-5533 - Divi Theme
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Divi
CVE-2024-5533
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3815 - Newspaper Theme
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Newspaper
CVE-2024-3815
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5638 - Formula Theme
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
THEME
Formula
CVE-2024-5638
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5613 - Formula Theme
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
THEME
Formula
CVE-2024-5613
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4459 - Themesflat Addons For Elementor
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget's titles in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Themesflat Addons For Elementor
CVE-2024-4459
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4458 - Themesflat Addons For Elementor
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in several widgets via URL parameters in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Themesflat Addons For Elementor
CVE-2024-4458
Risk Score
Threat Entry
Updated 2025-02-13
CVE-2024-4212 - Themesflat Addons For Elementor
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TF Group Image, TF Nav Menu, TF Posts, TF Woo Product Grid, TF Accordion, and TF Image Box widgets in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Themesflat Addons For Elementor
CVE-2024-4212
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-2922 - Themesflat Addons For Elementor
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget tags in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Themesflat Addons For Elementor
CVE-2024-2922
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5439 - Blocksy Theme
The Blocksy theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the custom_url parameter in all versions up to, and including, 2.0.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
THEME
Blocksy
CVE-2024-5439
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4939 - Weaver Xtreme Theme Support
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Weaver Xtreme Theme Support
CVE-2024-4939
Risk Score
Threat Entry
Updated 2025-03-24
CVE-2024-5418 - Dethemekit For Elementor
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Dethemekit For Elementor
CVE-2024-5418
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-6325 - RomethemeForm For Elementor
The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to export arbitrary form submissions, create new forms, or update any post title or certain metadata.
THEME
RomethemeForm For Elementor
CVE-2023-6325
Risk Score
Threat Entry
Updated 2025-02-03
CVE-2024-4943 - Blocksy Theme
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Blocksy
CVE-2024-4943
Risk Score
Threat Entry
Updated 2025-03-21
CVE-2024-4374 - Dethemekit For Elementor
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Dethemekit For Elementor
CVE-2024-4374
Risk Score
Threat Entry
Updated 2025-01-28
CVE-2024-4158 - Blocksy Theme
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Blocksy
CVE-2024-4158
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3806 - Porto Theme
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via the 'porto_ajax_posts' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
THEME
Porto
CVE-2024-3806
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-3807 - Porto Theme
The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via 'porto_page_header_shortcode_type', 'slideshow_type' and 'post_layout' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. This was partially patched in version 7.1.0…
THEME
Porto
CVE-2024-3807
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4034 - Virtue Theme
The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Virtue
CVE-2024-4034
Risk Score
Threat Entry
Updated 2025-02-04
CVE-2024-3747 - Blocksy Theme
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the className parameter in the About Me block in all versions up to, and including, 2.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Blocksy
CVE-2024-3747
Risk Score
Threat Entry
Updated 2025-05-29
CVE-2024-3517 - Shortcodes And Extra Features For Phlox Theme
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion Widget in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
THEME
Shortcodes And Extra Features For Phlox Theme
CVE-2024-3517
Risk Score