Vulnerabilities > Villatheme

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-50831 Cross-site Scripting vulnerability in Villatheme Curcy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
network
low complexity
villatheme CWE-79
5.4
2023-12-18 CVE-2023-48778 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Product Size Chart for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.
network
low complexity
villatheme CWE-352
8.8
2023-09-04 CVE-2023-4216 Unspecified vulnerability in Villatheme Orders Tracking for Woocommerce
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack.
network
low complexity
villatheme
2.7
2023-08-08 CVE-2023-30482 Cross-site Scripting vulnerability in Villatheme Wpbulky
Auth.
network
low complexity
villatheme CWE-79
5.4
2023-07-01 CVE-2021-4395 Unspecified vulnerability in Villatheme Abandoned Cart Recovery for Woocommerce
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4.
network
low complexity
villatheme
6.5
2023-06-07 CVE-2021-4379 Unspecified vulnerability in Villatheme Woocommerce Multi Currency 2.1.17
The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17.
network
low complexity
villatheme
6.5
2023-05-25 CVE-2022-46810 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Thank YOU Page Customizer for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
network
low complexity
villatheme CWE-352
8.8
2023-05-25 CVE-2022-46812 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Thank YOU Page Customizer for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
network
low complexity
villatheme CWE-352
8.8
2023-03-01 CVE-2022-46806 Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Cart ALL in ONE for Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.
network
low complexity
villatheme CWE-352
4.3
2022-11-18 CVE-2022-44634 Unspecified vulnerability in Villatheme S2W - Import Shopify to Woocommerce
Auth.
network
low complexity
villatheme
4.9