Filtered by vendor Hasthemes
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46798 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2023-03-08 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.5.1 leading to plugin settings change. | |||||
| CVE-2023-0232 | 1 Hasthemes | 1 Shoplentor | 2023-02-27 | N/A | 9.8 CRITICAL |
| The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. | |||||
| CVE-2023-0231 | 1 Hasthemes | 1 Shoplentor | 2023-02-27 | N/A | 5.4 MEDIUM |
| The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2023-23899 | 1 Hasthemes | 1 Extensions For Cf7 | 2023-02-27 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. | |||||
| CVE-2022-4650 | 1 Hasthemes | 1 Hashbar | 2023-01-30 | N/A | 5.4 MEDIUM |
| The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | |||||
| CVE-2021-24261 | 1 Hasthemes | 1 Ht Mega - Absolute Addons For Elementor Page Builder | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||
| CVE-2021-24262 | 1 Hasthemes | 1 Woolentor - Woocommerce Elementor Addons \+ Builder | 2021-05-11 | 3.5 LOW | 5.4 MEDIUM |
| The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method. | |||||