Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Cosmetsy Core 1.3.0

  • Severity: medium-risk
  • Status: Open
  • Publication: December 7, 2023

KlbTheme plugins for WordPress have been found to be vulnerable to Reflected Cross-Site Scripting. This means that malicious individuals may be able to inject web scripts into webpages if they can convince someone to click on a link or perform some other action. These scripts can be used to cause harm to users visiting the affected webpages. It is important for users of these plugins to ensure that they are running the most recent versions, as these have the necessary input sanitization and output escaping to prevent this vulnerability.

Detected in:

Bacola Core open vulnerable versions: >= * <= 1.3.3
Clotya Core open vulnerable versions: >= * <= 1.1.5
Cosmetsy Core open vulnerable versions: >= * <= 1.3.0
Furnob Core open vulnerable versions: >= * <= 1.1.7
Medibazar Core open vulnerable versions: >= * <= 1.2.3
Parto Core open vulnerable versions: >= * <= 1.0.9

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.