Filtered by vendor Wpmoose
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1388 | 1 Wpmoose | 1 Yuki | 2025-01-16 | 4.3 Medium |
| The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings. | ||||
| CVE-2024-1943 | 1 Wpmoose | 1 Yuki | 2025-01-08 | 4.3 Medium |
| The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the themes settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-35731 | 1 Wpmoose | 1 Kenta Blocks | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9. | ||||
Page 1 of 1.