
CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS. This issue affects The7: from n/a through 11.7.3. The The7 theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 11.7.3. This is due to missing or incorrect nonce validation on one of its functions.
• https://patchstack.com/database/vulnerability/dt-the7/wordpress-the7-website-and-ecommerce-builder-for-wordpress-theme-11-0-3-cross-site-request-forgery-csrf?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions. The The7 theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the legacy "DT Flickr" widget in versions up to, and including, 11.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/dt-the7/wordpress-the7-theme-11-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')