Vulnerabilities > Xplodedthemes

DATE CVE VULNERABILITY TITLE RISK
2024-11-05 CVE-2024-9178 Cross-site Scripting vulnerability in Xplodedthemes XT Floating Cart for Woocommerce
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping.
network
low complexity
xplodedthemes CWE-79
5.4
2024-10-15 CVE-2024-9546 Unspecified vulnerability in Xplodedthemes Wpide
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9.
network
low complexity
xplodedthemes
5.3
2024-09-24 CVE-2024-8716 Cross-site Scripting vulnerability in Xplodedthemes XT Ajax ADD to Cart for Woocommerce
The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2.
network
low complexity
xplodedthemes CWE-79
6.1
2022-09-21 CVE-2022-40217 Unrestricted Upload of File with Dangerous Type vulnerability in Xplodedthemes Wpide
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
network
low complexity
xplodedthemes CWE-434
7.2
2022-08-29 CVE-2022-2261 Unspecified vulnerability in Xplodedthemes Wpide
The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.
network
low complexity
xplodedthemes
7.2
2022-08-23 CVE-2022-35235 Path Traversal vulnerability in Xplodedthemes Wpide - File Manager & Code Editor
Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
network
low complexity
xplodedthemes CWE-22
4.9