Vulnerabilities > Themeisle

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-10672 Path Traversal vulnerability in Themeisle multiple Page Generator
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2.
network
low complexity
themeisle CWE-22
2.7
2024-10-20 CVE-2024-47325 SQL Injection vulnerability in Themeisle multiple Page Generator
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7.
network
low complexity
themeisle CWE-89
8.8
2024-08-22 CVE-2024-7778 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping.
network
low complexity
themeisle CWE-79
5.4
2024-06-22 CVE-2024-2484 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping.
network
low complexity
themeisle CWE-79
5.4
2024-06-10 CVE-2024-35728 Unspecified vulnerability in Themeisle Product Addons & Fields for Woocommerce
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20.
network
low complexity
themeisle
5.3
2024-06-08 CVE-2024-35682 Unspecified vulnerability in Themeisle Otter Blocks
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11.
network
low complexity
themeisle
5.3
2024-06-08 CVE-2024-35736 Unspecified vulnerability in Themeisle Visualizer
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1.
network
low complexity
themeisle
8.8
2024-02-05 CVE-2024-0508 Cross-site Scripting vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL.
network
low complexity
themeisle CWE-79
5.4
2024-02-05 CVE-2024-1092 Missing Authorization vulnerability in Themeisle RSS Aggregator BY Feedzy
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1.
network
low complexity
themeisle CWE-862
4.3
2024-02-02 CVE-2024-1047 Missing Authorization vulnerability in Themeisle Orbit FOX
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28.
network
low complexity
themeisle CWE-862
5.3