Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rextheme vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-25708
Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.
Rextheme Wp Vr – 360 Panorama And Virtual Tour Builder For Wordpress
Rextheme Wp Vr
6.1
CVSSv3
CVE-2023-6529
The WP VR WordPress plugin prior to 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.
Rextheme Wp Vr
4.3
CVSSv3
CVE-2023-1414
The WP VR WordPress plugin prior to 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours
Rextheme Wp Vr
6.1
CVSSv3
CVE-2023-40663
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions.
Rextheme Wp Vr
5.4
CVSSv3
CVE-2024-49293
Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a up to and including 8.5.4.
Rextheme Wp Vr
6.1
CVSSv3
CVE-2023-1413
The WP VR WordPress plugin prior to 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Rextheme Wp Vr
5.4
CVSSv3
CVE-2023-0174
The WP VR WordPress plugin prior to 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
Rextheme Wp Vr
6.1
CVSSv3
CVE-2022-47449
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions.
Rextheme Cart Lift – Abandoned Cart Recovery For Woocommerce And Edd
Rextheme Cart Lift - Abandoned Cart Recovery For Woocommerce And Edd
6.5
CVSSv3
CVE-2025-24730
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rextheme WP VR allows DOM-Based XSS. This issue affects WP VR: from n/a up to and including 8.5.14.
Rextheme Wp Vr
4.3
CVSSv3
CVE-2024-49680
Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a up to and including 8.5.5.
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
type confusion
unspecified
CVE-2025-24200
reflected XSS
panel
CVE-2024-12549
temporal technologies, inc.
CVE-2024-21971
CVE-2024-57777
CVE-2023-31122
CVE-2025-0909
winzip computing
unified secops platform
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »