
CVE-2024-12333 – WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-12333
11 Dec 2024 — The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. • https://themeforest.net/item/woodmart-woocommerce-wordpress-theme/20264492 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-41872 – WordPress WoodMart Theme <= 7.2.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-41872
05 Sep 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. The WoodMart theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha... • https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-2-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32240 – WordPress Woodmart theme <= 7.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-32240
11 May 2023 — Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WoodMart: from n/a through 7.2.1. The WoodMart theme for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on an unknown function in versions up to, and including, 7.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function. • https://patchstack.com/database/wordpress/theme/woodmart/vulnerability/wordpress-woodmart-theme-7-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVE-2023-32242 – WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-32242
11 May 2023 — Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36. The Woodmart Core plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.36 via des... • https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-php-object-injection?_s_id=cve • CWE-502: Deserialization of Untrusted Data

CVE-2023-32500 – WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-32500
01 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions. The Woodmart theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1.1. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to modify the ... • https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-25790 – WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection
https://notcve.org/view.php?id=CVE-2023-25790
16 Feb 2023 — Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS). This issue affects WoodMart: from n/a through 7.0.4. The Woodmart theme for Wo... • https://packetstorm.news/files/id/171154 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-287: Improper Authentication