Vulnerabilities > Villatheme
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-01 | CVE-2022-46806 | Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Cart ALL in ONE for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. | 4.3 |
2022-11-18 | CVE-2022-44634 | Unspecified vulnerability in Villatheme S2W - Import Shopify to Woocommerce Auth. | 4.9 |
2022-10-14 | CVE-2022-41623 | Unspecified vulnerability in Villatheme Dropshipping and Fulfillment for Aliexpress and Woocommerce Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress. | 7.5 |
2022-04-18 | CVE-2022-1037 | Server-Side Request Forgery (SSRF) vulnerability in Villatheme Exmage The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs | 7.2 |
2022-01-24 | CVE-2021-25062 | Cross-site Scripting vulnerability in Villatheme Orders Tracking for Woocommerce The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 6.1 |