Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
machothemes vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-36721
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/we...
Machothemes Naturemag Lite
Machothemes Antreas
Colorlib Bonkers
Cpothemes Affluent
Cpothemes Transcend
Machothemes Regina Lite
Cpothemes Brilliance
Machothemes Medzone Lite
Colorlib Pixova Lite
Colorlib Newspaper X
Cpothemes Allegiant
Colorlib Illdy
Colorlib Activello
Machothemes Newsmag
Colorlib Shapely
9.8
CVSSv3
CVE-2020-36708
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1...
Machothemes Naturemag Lite
Colorlib Sparklinkg
Machothemes Antreas
Colorlib Bonkers
Cpothemes Affluent
Cpothemes Transcend
Machothemes Regina Lite
Cpothemes Brilliance
Machothemes Medzone Lite
Colorlib Pixova Lite
Colorlib Newspaper X
Cpothemes Allegiant
Colorlib Illdy
Colorlib Activello
Machothemes Newsmag
Colorlib Shapely
5.4
CVSSv3
CVE-2023-28493
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.
Machothemes Newsmag
4.8
CVSSv3
CVE-2023-0162
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated att...
Machothemes Cpo Companion
5.4
CVSSv3
CVE-2022-4717
The Strong Testimonials WordPress plugin prior to 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be u...
Machothemes Strong Testimonials
8.8
CVSSv3
CVE-2023-52123
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a up to and including 3.1.10.
Machothemes Strong Testimonials
6.1
CVSSv3
CVE-2020-8549
Stored XSS in the Strong Testimonials plugin prior to 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
Machothemes Strong Testimonials
5.4
CVSSv3
CVE-2022-4837
The CPO Companion WordPress plugin prior to 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used ag...
Machothemes Cpo Companion
5.4
CVSSv3
CVE-2023-27619
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.
Machothemes Regina Lite
5.4
CVSSv3
CVE-2020-9003
A stored XSS vulnerability exists in the Modula Image Gallery plugin prior to 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
Machothemes Modula Image Gallery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »