Vulnerabilities > Athemes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-01 | CVE-2024-13547 | Cross-site Scripting vulnerability in Athemes Addons for Elementor. The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. | 5.4 |
2024-05-14 | CVE-2024-4473 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox. The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-05-02 | CVE-2024-4036 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox. The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. | 5.4 |
2024-04-09 | CVE-2024-3208 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox. The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-03-29 | CVE-2024-2936 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox. The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
2024-02-29 | CVE-2024-1447 | Cross-site Scripting vulnerability in Athemes Sydney Toolbox. The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. | 5.4 |