Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Fioxen – Directory Listing WordPress Theme 1.0.9

  • Severity: medium-risk
  • Status: Open
  • Publication: January 6, 2025

Some themes made by gavias for WordPress have a security issue called Reflected Cross-Site Scripting. This can happen in different versions because the input is not properly checked for dangerous code and the output is not properly protected. This means that someone who is not logged in to the website could insert harmful code into a page and make it run if they can trick a user into doing something like clicking on a link.

Detected in:

Aports - Single Property WordPress Theme open vulnerable versions: >= * <= 1.0.0
Boliin - Resort & Hotel Booking WordPress Theme open vulnerable versions: >= * <= 1.0.5
Constix - Construction Factory & Industrial WordPress Theme open vulnerable versions: >= * <= 1.0.0
Conult - Consulting Business WordPress Themes open vulnerable versions: >= * <= 1.3.3
Fioxen - Directory Listing WordPress Theme open vulnerable versions: >= * <= 1.0.9
Gowilds - Travel & Tour Booking WordPress Theme open vulnerable versions: >= * <= 1.0.2
Halpes - Nonprofit Charity Drupal 10 Theme open vulnerable versions: >= * <= 1.0.3
Lestin - Directory Listing WordPress Theme open vulnerable versions: >= * <= 1.0.6
Modins - Insurance & Finance Drupal 11 Theme open vulnerable versions: >= * <= 1.0.4
Orgarium - Agriculture & Organic Farm WordPress Theme open vulnerable versions: >= * <= 1.0.5
Paroti - Nonprofit Charity WordPress Theme open vulnerable versions: >= * <= 1.0.3
Pisole - Digital Creative Agency WordPress Theme open vulnerable versions: >= * <= 1.0.0
Qempo - Digital Agency Services WordPress Theme open vulnerable versions: >= * <= 1.2.6
Qizon - Crowdfunding & Charity WordPress Theme open vulnerable versions: >= * <= 1.0.0
Sominx - Creative Business Agency WordPress Theme open vulnerable versions: >= * <= 1.1.1
Tevily - Travel & Tour Booking WordPress Theme open vulnerable versions: >= * <= 1.2.1
TheFude - Crowdfunding & Charity WordPress Theme open vulnerable versions: >= * <= 1.2.0
Welowe - Nonprofit Charity WordPress Theme open vulnerable versions: >= * <= 1.0.0
Zilom - Online Education Learning WordPress Theme open vulnerable versions: >= * <= 1.2.1

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.