Vulnerabilities > Athemes > Sydney Toolbox > 1.07

DATE CVE VULNERABILITY TITLE RISK
2024-05-14 CVE-2024-4473 Cross-site Scripting vulnerability in Athemes Sydney Toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
athemes CWE-79
5.4
2024-05-02 CVE-2024-4036 Cross-site Scripting vulnerability in Athemes Sydney Toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping.
network
low complexity
athemes CWE-79
5.4
2024-04-09 CVE-2024-3208 Cross-site Scripting vulnerability in Athemes Sydney Toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
athemes CWE-79
5.4
2024-03-29 CVE-2024-2936 Cross-site Scripting vulnerability in Athemes Sydney Toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
athemes CWE-79
5.4
2024-02-29 CVE-2024-1447 Cross-site Scripting vulnerability in Athemes Sydney Toolbox
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link.
network
low complexity
athemes CWE-79
5.4