Vulmon
elegant themes vulnerabilities and exploits
6.5
CVSSv2
CVE-2020-35945
An issue exists in the Divi Builder plugin, Divi theme, and Divi Extra theme prior to 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is...
Elegant Themes Divi
Elegant Themes Divi Builder
Elegant Themes Divi Extra
NA
CVE-2023-29099
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.
Elegant Themes Divi
5
CVSSv2
CVE-2015-1579
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate ...
Elegant Themes Divi -
2 EDB exploits
4 Github repositories
5
CVSSv2
CVE-2014-9734
Directory traversal vulnerability in the Slider Revolution (revslider) plugin prior to 4.2 for WordPress allows remote malicious users to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.
Themepunch Slider Revolution
2 EDB exploits
6.5
CVSSv2
CVE-2016-11004
The Elegant Themes Monarch plugin prior to 1.2.7 for WordPress has privilege escalation.
Elegantthemes Monarch
6.5
CVSSv2
CVE-2016-11002
The Elegant Themes Extra theme prior to 1.2.4 for WordPress has privilege escalation.
Elegantthemes Extra
6.5
CVSSv2
CVE-2016-11003
The Elegant Themes Bloom plugin prior to 1.1.1 for WordPress has privilege escalation.
Elegantthemes Monarch
2.1
CVSSv2
CVE-2012-4497
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x prior to 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
Devsaran Elegant Theme 7.x-1.x