Vulnerabilities > Themehigh

DATE CVE VULNERABILITY TITLE RISK
2024-10-04 CVE-2024-8499 Cross-site Scripting vulnerability in Themehigh Checkout Field Editor
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping.
network
low complexity
themehigh CWE-79
6.1
2024-06-10 CVE-2024-35658 Unspecified vulnerability in Themehigh Checkout Field Editor for Woocommerce
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through 3.6.2.
network
low complexity
themehigh
critical
9.1
2023-12-29 CVE-2023-51545 Unspecified vulnerability in Themehigh JOB Manager & Career
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments.This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4.
network
low complexity
themehigh
8.8
2023-11-27 CVE-2023-5906 Unspecified vulnerability in Themehigh JOB Manager & Career
The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users.
network
low complexity
themehigh
7.5
2022-11-28 CVE-2022-3490 Unspecified vulnerability in Themehigh Checkout Field Editor for Woocommerce
The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
network
low complexity
themehigh
7.2
2022-05-02 CVE-2022-0783 Unspecified vulnerability in Themehigh multiple Shipping Addresses for Woocommerce
The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections
network
low complexity
themehigh
critical
9.8