Archives: Vulnerabilities
Input validation vulnerability in Triss – Beauty Cosmetics Shop WordPress Theme 2.6
The Triss – Beauty Cosmetics Shop WordPress Theme has a security issue that allows attackers to inject harmful scripts into the website. This can happen if a user is tricked into clicking on a link. This vulnerability exists in all versions up to 2.6.
Output validation vulnerability in Addison – Architecture & Interior Design WordPress Theme 1.4.8
The Addison theme for WordPress has a security issue that allows hackers to inject harmful code into it. This can happen when the theme receives input from an untrusted source. If the target system has additional plugins or themes with a similar issue, the attacker may be able to do things like delete files, access private information, or run their own code.
Input validation vulnerability in SmilePure – Dental & Medical Care WordPress Theme 1.8.5
The SmilePure theme for WordPress has a security issue where unauthenticated attackers can access and use files on the server without permission. This could potentially lead to unauthorized access, obtaining private information, or running code that could cause harm.
Input validation vulnerability in SmartMag – Newspaper Magazine & News WordPress 10.3.0
The SmartMag theme for WordPress has a security issue in versions 10.3.0 and below. This vulnerability allows attackers with contributor-level access or higher to add and run files on the server, which could contain harmful code. This can lead to bypassing security measures, getting access to private information, or executing code in situations where seemingly harmless files are uploaded and included.
Input validation vulnerability in SmartMag – Newspaper Magazine & News WordPress 10.3.1
The SmartMag theme for WordPress has a Stored Cross-Site Scripting security issue in versions up to 10.3.1. It occurs because the theme does not properly clean up and protect against harmful code. As a result, attackers who have contributor-level access or higher can add dangerous web scripts to pages. These scripts will run whenever a user opens the compromised page.