Filtered by vendor Fruitfulcode Subscriptions
Filtered by product Fruitful Theme Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-36704 1 Fruitfulcode 1 Fruitful Theme 2024-12-20 6.4 Medium
The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitful_theme_options_action AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.