Vulnerabilities > Themegrill > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2024-10-02 | CVE-2024-9218 | Cross-site Scripting vulnerability in Themegrill Magazine Blocks | 6.1
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.14.
network | low complexity | themegrill | CWE-79

2024-08-01 | CVE-2024-39629 | Cross-site Scripting vulnerability in Themegrill Himalayas | 4.8
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS. This issue affects Himalayas: from n/a through 1.3.2.
network | low complexity | themegrill | CWE-79

2024-07-22 | CVE-2024-37432 | Unspecified vulnerability in Themegrill Esteem | 6.1
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Esteem allows Stored XSS. This issue affects Esteem: from n/a through 1.5.0.
network | low complexity | themegrill

2024-01-20 | CVE-2024-0679 | Missing Authorization vulnerability in Themegrill Colormag | 6.5
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2.
network | low complexity | themegrill | CWE-862