Vulnerabilities > Themegrill
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-02 | CVE-2024-9218 | Cross-site Scripting vulnerability in Themegrill Magazine Blocks: The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14. | 6.1 |
2024-08-01 | CVE-2024-39629 | Cross-site Scripting vulnerability in Themegrill Himalayas: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS. This issue affects Himalayas: from n/a through 1.3.2. | 4.8 |
2024-07-22 | CVE-2024-37432 | Cross-site Scripting vulnerability in Themegrill Esteem: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Esteem allows Stored XSS. This issue affects Esteem: from n/a through 1.5.0. | 6.1 |
2024-01-20 | CVE-2024-0679 | Missing Authorization vulnerability in Themegrill Colormag: The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. | 6.5 |
2021-05-05 | CVE-2020-36334 | Cross-Site Request Forgery (CSRF) vulnerability in Themegrill Demo Importer: themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | 8.8 |
2021-05-05 | CVE-2020-36333 | Missing Authentication for Critical Function vulnerability in Themegrill Demo Importer: themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook. | 9.1 |