Vulnerabilities > Awplife > Formula > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-08 CVE-2024-5613 Cross-site Scripting vulnerability in Awplife Formula
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping.
network
low complexity
awplife CWE-79
6.1
6.1
2024-06-08 CVE-2024-5638 Cross-site Scripting vulnerability in Awplife Formula
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and including, 0.5.1 due to insufficient input sanitization and output escaping.
network
low complexity
awplife CWE-79
6.1
6.1