MidnightBSD

Advisories for theme4press

CVE-2011-3852 MEDIUM

Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
theme4press evolve 1.0.5
theme4press evolve 1.0.9
theme4press evolve 1.1.2
theme4press evolve 1.1.4
theme4press evolve 1.2.0
theme4press evolve 1.0.2
theme4press evolve 1.0.0
theme4press evolve 1.2.2
theme4press evolve 1.2.3
theme4press evolve 1.2.4
theme4press evolve 1.0.1
theme4press evolve 1.1.1
theme4press evolve 1.0
theme4press evolve *
theme4press evolve 1.0.6
theme4press evolve 1.1.6
theme4press evolve 1.1.8
theme4press evolve 1.2.1
theme4press evolve 1.0.8
theme4press evolve 1.1.0
theme4press evolve 1.1.7
theme4press evolve 1.0.4
theme4press evolve 1.1.3
theme4press evolve 1.0.3
theme4press evolve 1.1.5
theme4press evolve 1.0.7
theme4press evolve 1.1.9
CVE-2024-37206

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme4Press Demo Awesome allows Reflected XSS.This issue affects Demo Awesome: from n/a through 1.0.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L 2.8 3.7

Products Affected

Vendor Product Version
theme4press demo_awesome *