Vulnerabilities > Villatheme

DATE CVE VULNERABILITY TITLE RISK
2024-10-17 CVE-2024-49288 Cross-site Scripting vulnerability in Villatheme Woocommerce Email Template Customizer
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5.
network
low complexity
villatheme CWE-79
4.8
2024-09-11 CVE-2024-8277 Missing Authentication for Critical Function vulnerability in Villatheme Woocommerce Photo Reviews
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2.
network
low complexity
villatheme CWE-306
critical
9.8
2023-12-21 CVE-2023-50831 Cross-site Scripting vulnerability in Villatheme Curcy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
network
low complexity
villatheme CWE-79
5.4
2023-12-18 CVE-2023-48778 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Product Size Chart for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.
network
low complexity
villatheme CWE-352
8.8
2023-09-04 CVE-2023-4216 Unspecified vulnerability in Villatheme Orders Tracking for Woocommerce
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack.
network
low complexity
villatheme
2.7
2023-08-08 CVE-2023-30482 Cross-site Scripting vulnerability in Villatheme Wpbulky
Auth.
network
low complexity
villatheme CWE-79
5.4
2023-07-01 CVE-2021-4395 Unspecified vulnerability in Villatheme Abandoned Cart Recovery for Woocommerce
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4.
network
low complexity
villatheme
6.5
2023-06-07 CVE-2021-4379 Unspecified vulnerability in Villatheme Woocommerce Multi Currency 2.1.17
The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17.
network
low complexity
villatheme
6.5
2023-05-25 CVE-2022-46810 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Thank YOU Page Customizer for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
network
low complexity
villatheme CWE-352
8.8
2023-05-25 CVE-2022-46812 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Thank YOU Page Customizer for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
network
low complexity
villatheme CWE-352
8.8