Vulnerabilities > Xplodedthemes > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-21 CVE-2022-40217 Unrestricted Upload of File with Dangerous Type vulnerability in Xplodedthemes Wpide
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
network
low complexity
xplodedthemes CWE-434
7.2
7.2
2022-08-29 CVE-2022-2261 Unspecified vulnerability in Xplodedthemes Wpide
The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.
network
low complexity
xplodedthemes
7.2
7.2