Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
512025.9%CRITICAL

Related CVEs

12
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-58192Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through <= 1.3.6.MEDIUM5.45.9%Aug 27, 2025
CVE-2025-47453Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import wp-smart-import allows PHP Local File Inclusion.This issue affects WP Smart Import: from n/a through <= 1.1.3.CRITICAL9.837.9%May 23, 2025
CVE-2025-48256Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes Import Social Events import-facebook-events allows Stored XSS.This issue affects Import Social Events: from n/a through <= 1.8.5.MEDIUM5.412.0%May 19, 2025
CVE-2025-47531Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events allows PHP Local File Inclusion.This issue affects XT Event Widget for Social Events: from n/a through <= 1.1.7.HIGH8.841.8%May 7, 2025
CVE-2025-24700Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS.This issue affects WP Event Aggregator: from n/a through <= 1.8.2.MEDIUM6.114.4%Feb 14, 2025
CVE-2024-47352Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Stored XSS.This issue affects WP Bulk Delete: from n/a through <= 1.3.1.HIGH7.117.3%Oct 6, 2024
CVE-2024-38703Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9.MEDIUM6.518.4%Jul 20, 2024
CVE-2024-32597Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Stored XSS.This issue affects WordPress Importer: from n/a through 1.0.7.MEDIUM5.423.1%Apr 18, 2024
CVE-2024-31371Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6.MEDIUM4.310.0%Apr 12, 2024
CVE-2024-30201Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4.MEDIUM6.131.6%Mar 27, 2024
CVE-2022-40209Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress.MEDIUM6.1Dec 6, 2022
CVE-2020-24147Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.CRITICAL9.172.9%Jul 7, 2021