Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
themegoods
514020.6%CRITICAL

Related CVEs

14
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-67922Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through < 7.0.9.HIGH7.17.7%Jan 8, 2026
CVE-2025-64217Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through <= 7.7.2.HIGH7.17.2%Dec 18, 2025
CVE-2025-64224Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Reflected XSS.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.HIGH7.15.0%Nov 6, 2025
CVE-2025-60116Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type grandconference-custom-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Conference Theme Custom Post Type: from n/a through < 2.6.4.HIGH8.819.6%Sep 26, 2025
CVE-2025-47579Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2.HIGH8.122.0%Sep 9, 2025
CVE-2025-47584Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2.HIGH7.523.2%Jun 6, 2025
CVE-2025-39485Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection.This issue affects Grand Tour: from n/a through <= 5.6.CRITICAL9.839.2%May 23, 2025
CVE-2025-39354Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference grandconference allows Object Injection.This issue affects Grand Conference: from n/a through <= 5.3.CRITICAL9.831.5%May 19, 2025
CVE-2025-39352Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0.HIGH8.217.5%May 19, 2025
CVE-2025-39348Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.CRITICAL9.831.5%May 19, 2025
CVE-2025-32928Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through <= 5.2.2.CRITICAL9.831.5%May 19, 2025
CVE-2025-32926Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal.This issue affects Grand Restaurant: from n/a through <= 7.0.CRITICAL9.837.2%May 19, 2025
CVE-2025-39353Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant: from n/a through <= 7.0.MEDIUM5.312.9%May 19, 2025
CVE-2025-39351Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Cross Site Request Forgery.This issue affects Grand Restaurant: from n/a through <= 7.0.MEDIUM4.32.8%May 19, 2025