Filtered by vendor Radiustheme
Subscriptions
Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-0836 | 1 Radiustheme | 1 Review Schema | 2024-02-05 | 4.3 Medium |
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews. | ||||
CVE-2023-23685 | 1 Radiustheme | 1 Portfolio | 2023-11-07 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions. | ||||
CVE-2023-39923 | 1 Radiustheme | 1 The Post Grid | 2023-10-05 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. | ||||
CVE-2023-37894 | 1 Radiustheme | 1 Variation Images Gallery For Woocommerce | 2023-08-02 | 6.1 Medium |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions. | ||||
CVE-2023-37387 | 1 Radiustheme | 1 Classified Listing Pro - Classified Ads \& Business Directory | 2023-07-26 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. | ||||
CVE-2022-46853 | 1 Radiustheme | 1 Post Grid | 2023-05-26 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. | ||||
CVE-2022-2654 | 1 Radiustheme | 5 Classified Listing - Classified Ads \& Business Directory, Classified Listing Pro - Classified Ads \& Business Directory, Classified Listing Store \& Membership and 2 more | 2022-09-20 | 6.1 Medium |
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting | ||||
CVE-2022-2655 | 1 Radiustheme | 1 Classified Listing Pro - Classified Ads \& Business Directory | 2022-09-20 | 6.1 Medium |
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | ||||
CVE-2022-2557 | 1 Radiustheme | 1 Team - Wordpress Team Members Showcase | 2022-08-23 | 8.8 High |
The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user | ||||
CVE-2021-24742 | 1 Radiustheme | 1 Logo Slider And Showcase | 2021-11-30 | 6.5 Medium |
The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check. |
Page 1 of 1.