Vulnerabilidades en themeisle
97 resultadosCVE-2024-3105CRITICALWoody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 -Authenticated (Contributor+) Remote Code ExecutionEPSS 2.8%CVE-2022-2444HIGHVisualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR DeserializationEPSS 1.8%CVE-2024-3962CRITICALProduct Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_fileEPSS 1.4%CVE-2023-47529MEDIUMWordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data ExposureEPSS 1.0%CVE-2025-11391CRITICALPPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File UploadEPSS 0.9%CVE-2023-2607HIGHMultiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL InjectionEPSS 0.8%CVE-2024-1317HIGHRSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL InjectionEPSS 0.7%CVE-2023-33927HIGHWordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL InjectionEPSS 0.7%CVE-2024-3750HIGHVisualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL ExecutionEPSS 0.6%CVE-2024-27951CRITICALWordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerabilityEPSS 0.6%CVE-2023-39920HIGHWordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2025-8141HIGHRedirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File DeletionEPSS 0.6%CVE-2024-1047MEDIUMThemeIsle SDK <= Various Versions - Missing AuthorizationEPSS 0.6%CVE-2017-20251CRITICALWordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST APIEPSS 0.6%CVE-2024-1499MEDIUMOrbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.5%CVE-2024-1497MEDIUMOrbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attributeEPSS 0.5%CVE-2024-0508MEDIUMOrbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor WidgetEPSS 0.5%CVE-2024-1318MEDIUMRSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and PublicationEPSS 0.5%CVE-2022-46848MEDIUMWordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)EPSS 0.5%CVE-2024-11219MEDIUMOtter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthetnicated Path Traversal to Arbitrary Image ViewEPSS 0.5%