Vulnerabilities > Themehunk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2022-23179 | Cross-site Scripting vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 4.8 |
| 2024-01-16 | CVE-2022-23180 | Missing Authorization vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings | 4.3 |
| 2023-11-12 | CVE-2023-27431 | Cross-Site Request Forgery (CSRF) vulnerability in Themehunk BIG Store Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions. | 8.8 |
| 2022-09-26 | CVE-2022-2404 | Cross-site Scripting vulnerability in Themehunk WP Popup Builder The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 6.1 |
| 2022-09-26 | CVE-2022-2405 | Missing Authorization vulnerability in Themehunk WP Popup Builder The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup | 4.3 |
| 2021-12-27 | CVE-2021-24967 | Cross-site Scripting vulnerability in Themehunk Contact Form & Lead Form Elementor Builder The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads | 4.3 |