Vulnerabilities > Themepoints

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-22	CVE-2023-47809	Unspecified vulnerability in Themepoints Accordion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions. network low complexity themepoints	5.4
2023-11-22	CVE-2023-5667	Cross-site Scripting vulnerability in Themepoints TAB Ultimate 1.3 The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity themepoints CWE-79	5.4
2023-10-30	CVE-2023-5666	Cross-site Scripting vulnerability in Themepoints Accordion The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity themepoints CWE-79	5.4
2023-10-20	CVE-2023-5613	Cross-site Scripting vulnerability in Themepoints Super Testimonials The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity themepoints CWE-79	5.4
2023-10-19	CVE-2023-5639	Cross-site Scripting vulnerability in Themepoints Team Showcase The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity themepoints CWE-79	5.4
2022-11-14	CVE-2022-3539	Unspecified vulnerability in Themepoints Testimonials and Testimonials PRO The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. network low complexity themepoints	4.8
2022-10-28	CVE-2021-36858	Cross-site Scripting vulnerability in Themepoints Testimonials Auth. network low complexity themepoints CWE-79	4.8

Vulnerabilities > Themepoints {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Themepoints"}]}

Vulnerabilities > Themepoints