Vulnerabilities > Rextheme > WP VR > 8.3.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-21 | CVE-2024-49293 | Missing Authorization vulnerability in Rextheme WP VR Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.4. | 5.4 |
| 2024-01-08 | CVE-2023-6529 | Cross-site Scripting vulnerability in Rextheme WP VR The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. | 6.1 |