"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 471
Critical: 68
High: 135
Medium: 268
Showing 401-420 of 471 records
Threat Entry Updated 2024-11-21

CVE-2023-50892 - Allows Reflected Xss Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.

THEME Allows Reflected Xss

CVE-2023-50892

HIGH CVSS 7.1 2023-12-29
Threat Entry Updated 2024-11-21

CVE-2023-51501 - Allows Reflected Xss Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Undsgn Uncode - Creative & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Uncode - Creative & WooCommerce WordPress Theme: from n/a through 2.8.6.

THEME Allows Reflected Xss

CVE-2023-51501

HIGH CVSS 7.1 2023-12-28
Threat Entry Updated 2024-11-21

CVE-2023-6744 - Divi Theme

The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Divi

CVE-2023-6744

MEDIUM CVSS 6.4 2023-12-23
Threat Entry Updated 2024-11-21

CVE-2023-49826 - Woocommerce Theme

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

THEME Woocommerce

CVE-2023-49826

HIGH CVSS 8.1 2023-12-21
Threat Entry Updated 2024-11-21

CVE-2023-29432 - Vulnerability In Favethemes Houzez Real Estate

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3.

THEME Vulnerability In Favethemes Houzez Real Estate

CVE-2023-29432

HIGH CVSS 8.2 2023-12-20
Threat Entry Updated 2024-11-21

CVE-2023-49825 - Woocommerce Theme

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

THEME Woocommerce

CVE-2023-49825

HIGH CVSS 8.5 2023-12-20
Threat Entry Updated 2024-11-21

CVE-2023-49750 - Submitting Coupons Theme

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoonthemes Couponis - Affiliate & Submitting Coupons WordPress Theme. This issue affects Couponis - Affiliate & Submitting Coupons WordPress Theme: from n/a before 2.2.

THEME Submitting Coupons

CVE-2023-49750

CRITICAL CVSS 9.3 2023-12-19
Threat Entry Updated 2024-11-21

CVE-2023-49187 - Allows Reflected Xss Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS. This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4.

THEME Allows Reflected Xss

CVE-2023-49187

HIGH CVSS 7.1 2023-12-15
Threat Entry Updated 2024-11-21

CVE-2023-49827 - Allows Reflected Xss Theme

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme allows Reflected XSS. This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.

THEME Allows Reflected Xss

CVE-2023-49827

HIGH CVSS 7.1 2023-12-14
Threat Entry Updated 2024-11-21

CVE-2023-5338 - Theme Blvd Shortcodes

The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Theme Blvd Shortcodes

CVE-2023-5338

MEDIUM CVSS 6.4 2023-11-22
Threat Entry Updated 2025-02-19

CVE-2023-36529 - Allows Sql Injection Theme

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.

THEME Allows Sql Injection

CVE-2023-36529

CRITICAL CVSS 9.8 2023-11-03
Threat Entry Updated 2024-11-21

CVE-2023-3965 - Nsc Theme

The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

THEME Nsc

CVE-2023-3965

MEDIUM CVSS 6.1 2023-10-20
Threat Entry Updated 2024-11-21

CVE-2023-3962 - Winters Theme

The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

THEME Winters

CVE-2023-3962

MEDIUM CVSS 6.1 2023-10-20
Threat Entry Updated 2024-11-21

CVE-2023-3933 - Your Journey Theme

The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

THEME Your Journey

CVE-2023-3933

MEDIUM CVSS 6.1 2023-10-20
Threat Entry Updated 2024-11-21

CVE-2023-5614 - Theme Switcha

The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Theme Switcha

CVE-2023-5614

MEDIUM CVSS 6.4 2023-10-20
Threat Entry Updated 2025-04-23

CVE-2023-4971 - Weaver Xtreme Theme Support

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports a malicious file and a suitable gadget chain is present on the blog.

THEME Weaver Xtreme Theme Support

CVE-2023-4971

HIGH CVSS 7.2 2023-10-16
Threat Entry Updated 2024-11-21

CVE-2023-2813 - All Of The Above Aapna Theme

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable…

THEME All Of The Above Aapna

CVE-2023-2813

MEDIUM CVSS 6.1 2023-09-04
Threat Entry Updated 2024-11-21

CVE-2023-1403 - Weaver Xtreme Theme

The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 5.0.7. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

THEME Weaver Xtreme Theme

CVE-2023-1403

MEDIUM CVSS 6.4 2023-06-09
Threat Entry Updated 2025-02-04

CVE-2023-0276 - Weaver Xtreme Theme Support

The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

THEME Weaver Xtreme Theme Support

CVE-2023-0276

MEDIUM CVSS 5.4 2023-04-24