Filtered by vendor Cththemes Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-36502 1 Cththemes 1 Balkon 2024-09-26 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.
CVE-2019-20210 1 Cththemes 3 Citybook, Easybook, Townhub 2024-08-05 6.1 Medium
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
CVE-2019-20212 1 Cththemes 3 Citybook, Easybook, Townhub 2024-08-05 6.1 Medium
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.
CVE-2019-20211 1 Cththemes 3 Citybook, Easybook, Townhub 2024-08-05 6.1 Medium
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.
CVE-2019-20209 1 Cththemes 3 Citybook, Easybook, Townhub 2024-08-05 7.5 High
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.
CVE-2023-29430 1 Cththemes 1 Theroof 2024-08-02 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions.
CVE-2023-29236 1 Cththemes 1 Outdoor 2024-08-02 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions.
CVE-2023-25041 1 Cththemes 1 Monolit 2024-08-02 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.