Vulnerabilities > Unitedthemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2024-13636 | Deserialization of Untrusted Data vulnerability in Unitedthemes Brooklyn 4.9.7.6 The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function. | 8.8 |
| 2024-07-22 | CVE-2024-37097 | Cross-site Scripting vulnerability in Unitedthemes Shortcodes Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UnitedThemes Shortcodes by United Themes allows Reflected XSS.This issue affects Shortcodes by United Themes: from n/a before 5.0.5. | 6.1 |
| 2024-02-12 | CVE-2024-24926 | Unspecified vulnerability in Unitedthemes Brooklyn 4.9.7.6 Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 8.8 |
| 2024-02-12 | CVE-2024-24927 | Cross-site Scripting vulnerability in Unitedthemes Brooklyn 4.9.7.6 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6. | 6.1 |