Filtered by vendor Themekraft
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5823 | 1 Themekraft | 1 Tk Google Fonts Gdpr Compliant | 2023-12-10 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions. | |||||
CVE-2023-25981 | 1 Themekraft | 1 Post Form | 2023-12-10 | N/A | 5.4 MEDIUM |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. | |||||
CVE-2023-26326 | 1 Themekraft | 1 Buddyforms | 2023-12-10 | N/A | 9.8 CRITICAL |
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. | |||||
CVE-2022-38971 | 1 Themekraft | 1 Post Form Registration Form Profile Form For User Profiles And Content Forms | 2023-12-10 | N/A | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form – Registration Form – Profile Form for User Profiles and Content Forms for User Submissions plugin <= 2.7.5 versions. | |||||
CVE-2018-21003 | 1 Themekraft | 1 Buddyforms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The buddyforms plugin before 2.2.8 for WordPress has SQL injection. |