Vulnerabilities > Xplodedthemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-9178 | Cross-site Scripting vulnerability in Xplodedthemes XT Floating Cart for Woocommerce The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-10-15 | CVE-2024-9546 | Unspecified vulnerability in Xplodedthemes Wpide The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. | 5.3 |
| 2024-09-24 | CVE-2024-8716 | Cross-site Scripting vulnerability in Xplodedthemes XT Ajax ADD to Cart for Woocommerce The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. | 6.1 |
| 2022-09-21 | CVE-2022-40217 | Unrestricted Upload of File with Dangerous Type vulnerability in Xplodedthemes Wpide Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | 7.2 |
| 2022-08-29 | CVE-2022-2261 | Path Traversal vulnerability in Xplodedthemes Wpide The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. | 7.2 |
| 2022-08-23 | CVE-2022-35235 | Path Traversal vulnerability in Xplodedthemes Wpide - File Manager & Code Editor Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | 4.9 |