Filtered by vendor Hasthemes
Subscribe
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0232 | 1 Hasthemes | 1 Shoplentor | 2023-11-07 | N/A | 9.8 CRITICAL |
| The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. | |||||
| CVE-2023-0231 | 1 Hasthemes | 1 Shoplentor | 2023-11-07 | N/A | 5.4 MEDIUM |
| The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-4650 | 1 Hasthemes | 1 Hashbar | 2023-11-07 | N/A | 5.4 MEDIUM |
| The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2022-46798 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2023-11-07 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change. | |||||
| CVE-2023-32962 | 1 Hasthemes | 1 Wishsuite | 2023-08-31 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions. | |||||
| CVE-2022-47172 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions. | |||||
| CVE-2023-23731 | 1 Hasthemes | 1 Wishsuite | 2023-07-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions. | |||||
| CVE-2023-23803 | 1 Hasthemes | 1 Justtables | 2023-07-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions. | |||||
| CVE-2023-23791 | 1 Hasthemes | 1 Ht Menu | 2023-07-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions. | |||||
| CVE-2023-23792 | 1 Hasthemes | 1 Swatchly | 2023-07-13 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions. | |||||
| CVE-2023-23804 | 1 Hasthemes | 1 Ht Feed | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions. | |||||
| CVE-2023-23802 | 1 Hasthemes | 1 Ht Easy Ga4 \(google Analytics 4\) | 2023-06-22 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions. | |||||
| CVE-2021-24261 | 1 Hasthemes | 1 Ht Mega - Absolute Addons For Elementor Page Builder | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24262 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||