Vulnerabilities > Xylusthemes

DATE CVE VULNERABILITY TITLE RISK
2025-05-19 CVE-2025-48256 Cross-site Scripting vulnerability in Xylusthemes Import Social Events
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes Import Social Events allows Stored XSS.
network
low complexity
xylusthemes CWE-79
5.4
2022-12-06 CVE-2022-40209 Unspecified vulnerability in Xylusthemes WP Smart Import 1.0.0/1.0.1/1.0.2
Unauth.
network
low complexity
xylusthemes
6.1
2021-07-07 CVE-2020-24147 Server-Side Request Forgery (SSRF) vulnerability in Xylusthemes WP Smart Import 1.0.0
Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.
network
low complexity
xylusthemes CWE-918
critical
9.1