Vulnerabilities > Themehunk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-16 | CVE-2024-9061 | Code Injection vulnerability in Themehunk WP Popup Builder The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5. | 9.8 |
| 2024-09-25 | CVE-2024-8434 | Missing Authorization vulnerability in Themehunk Easy Mega Menu Plugin The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. | 4.3 |
| 2024-09-17 | CVE-2024-44049 | Cross-site Scripting vulnerability in Themehunk Gutenberg Blocks Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7. | 5.4 |
| 2024-01-16 | CVE-2022-23179 | Cross-site Scripting vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
| 2024-01-16 | CVE-2022-23180 | Missing Authorization vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings | 4.3 |
| 2023-11-12 | CVE-2023-27431 | Cross-Site Request Forgery (CSRF) vulnerability in Themehunk BIG Store Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions. | 8.8 |
| 2022-09-26 | CVE-2022-2404 | Cross-site Scripting vulnerability in Themehunk WP Popup Builder The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2022-09-26 | CVE-2022-2405 | Missing Authorization vulnerability in Themehunk WP Popup Builder The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup | 4.3 |
| 2021-12-27 | CVE-2021-24967 | Cross-site Scripting vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads | 6.1 |