Vulnerabilities (CVE)

Filtered by vendor Hasthemes Subscribe
Total 38 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-35699 1 Hasthemes 1 Ht Feed 2024-11-21 N/A 6.5 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Feed allows Stored XSS.This issue affects HT Feed: from n/a through 1.2.8.
CVE-2023-51372 1 Hasthemes 1 Hashbar 2024-11-21 N/A 5.9 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1.
CVE-2023-50901 1 Hasthemes 1 Ht Mega 2024-11-21 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega – Absolute Addons For Elementor: from n/a through 2.3.8.
CVE-2023-32962 1 Hasthemes 1 Wishsuite 2024-11-21 N/A 5.9 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions.
CVE-2023-23899 1 Hasthemes 1 Extensions For Cf7 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation.
CVE-2023-23804 1 Hasthemes 1 Ht Feed 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions.
CVE-2023-23803 1 Hasthemes 1 Justtables 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.
CVE-2023-23801 1 Hasthemes 1 Really Simple Google Tag Manager 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.
CVE-2023-23792 1 Hasthemes 1 Swatchly 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.
CVE-2023-23791 1 Hasthemes 1 Ht Menu 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions.
CVE-2023-23731 1 Hasthemes 1 Wishsuite 2024-11-21 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.
CVE-2023-1089 1 Hasthemes 1 Coupon Zen 2024-11-21 N/A 4.3 MEDIUM
The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-1088 1 Hasthemes 1 Wp Plugin Manager 2024-11-21 N/A 4.3 MEDIUM
The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-1087 1 Hasthemes 1 Wc Sales Notification 2024-11-21 N/A 4.3 MEDIUM
The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-1086 1 Hasthemes 1 Preview Link Generator 2024-11-21 N/A 4.3 MEDIUM
The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0505 1 Hasthemes 1 Ever Compare 2024-11-21 N/A 4.3 MEDIUM
The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0504 1 Hasthemes 1 Ht Politic 2024-11-21 N/A 4.3 MEDIUM
The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0503 1 Hasthemes 1 Free Woocommerce Theme 99fy Extension 2024-11-21 N/A 4.3 MEDIUM
The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0502 1 Hasthemes 1 Wp News 2024-11-21 N/A 6.5 MEDIUM
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
CVE-2023-0501 1 Hasthemes 1 Wp Insurance 2024-11-21 N/A 6.5 MEDIUM
The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack