Vulnerabilities > Themehunk

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2024-9061 Code Injection vulnerability in Themehunk WP Popup Builder
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all versions up to, and including, 1.3.5.
network
low complexity
themehunk CWE-94
critical
9.8
2024-09-25 CVE-2024-8434 Missing Authorization vulnerability in Themehunk Mega Menu
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9.
network
low complexity
themehunk CWE-862
4.3
2024-09-17 CVE-2024-44049 Cross-site Scripting vulnerability in Themehunk Gutenberg Blocks
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS.This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7.
network
low complexity
themehunk CWE-79
5.4
2024-01-16 CVE-2022-23179 Cross-site Scripting vulnerability in Themehunk Contact Form & Lead Form Elementor Builder
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
network
low complexity
themehunk CWE-79
4.8
2024-01-16 CVE-2022-23180 Missing Authorization vulnerability in Themehunk Contact Form & Lead Form Elementor Builder
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings
network
low complexity
themehunk CWE-862
4.3
2023-11-12 CVE-2023-27431 Unspecified vulnerability in Themehunk BIG Store
Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions.
network
low complexity
themehunk
8.8
2022-09-26 CVE-2022-2404 Unspecified vulnerability in Themehunk WP Popup Builder
The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
network
low complexity
themehunk
6.1
2022-09-26 CVE-2022-2405 Missing Authorization vulnerability in Themehunk WP Popup Builder
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup
network
low complexity
themehunk CWE-862
4.3
2021-12-27 CVE-2021-24967 Unspecified vulnerability in Themehunk Contact Form & Lead Form Elementor Builder
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads
network
low complexity
themehunk
6.1