Export limit exceeded: 366936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69153 | 2 Designthemes, Wordpress | 2 Trendy Travel, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Trendy Travel <= 6.7 versions. | ||||
| CVE-2025-69154 | 2 Designthemes, Wordpress | 2 Spalab | Beauty Salon Wordpress Theme, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in SpaLab | Beauty Salon WordPress Theme <= 6.7 versions. | ||||
| CVE-2025-69155 | 2 Designthemes, Wordpress | 2 Fitness Zone Wordpress Theme, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions. | ||||
| CVE-2026-27402 | 2 Designthemes, Wordpress | 2 Kids Life | Children School Wordpress, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in Kids Life | Children School WordPress <= 5.2 versions. | ||||
| CVE-2026-27404 | 2 Designthemes, Wordpress | 2 Lms, Wordpress | 2026-07-06 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions. | ||||
| CVE-2025-68982 | 2 Designthemes, Wordpress | 2 Designthemes Lms, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6. | ||||
| CVE-2025-68981 | 3 Designthemes, Elementor, Wordpress | 3 Homefix Elementor Portfolio, Elementor, Wordpress | 2026-04-28 | 5.3 Medium |
| Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1. | ||||
| CVE-2025-68980 | 2 Designthemes, Wordpress | 2 Wedesigntech-portfolio, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2. | ||||
| CVE-2025-64221 | 2 Designthemes, Wordpress | 2 Reservation Plugin, Wordpress | 2026-04-24 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Reflected XSS.This issue affects Reservation Plugin: from n/a through <= 1.6. | ||||
| CVE-2025-68977 | 2 Designthemes, Wordpress | 2 Portfolio Addon, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio Addon designthemes-portfolio-addon allows DOM-Based XSS.This issue affects DesignThemes Portfolio Addon: from n/a through <= 1.5. | ||||
| CVE-2025-68978 | 2 Designthemes, Wordpress | 2 Core, Wordpress | 2026-04-24 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Core designthemes-core allows DOM-Based XSS.This issue affects DesignThemes Core: from n/a through <= 1.6. | ||||
| CVE-2025-69095 | 2 Designthemes, Wordpress | 2 Reservation Plugin, Wordpress | 2026-04-24 | 6.5 Medium |
| Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7. | ||||
| CVE-2026-27386 | 2 Designthemes, Wordpress | 2 Designthemes Directory Addon, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in designthemes DesignThemes Directory Addon designthemes-directory-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Directory Addon: from n/a through <= 1.8. | ||||
| CVE-2026-27388 | 2 Designthemes, Wordpress | 2 Designthemes Booking Manager, Wordpress | 2026-04-22 | 7.5 High |
| Missing Authorization vulnerability in designthemes DesignThemes Booking Manager designthemes-booking-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes Booking Manager: from n/a through <= 2.0. | ||||
| CVE-2026-22473 | 2 Designthemes, Wordpress | 2 Dental Clinic, Wordpress | 2026-04-22 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7. | ||||
| CVE-2026-27385 | 2 Designthemes, Wordpress | 2 Designthemes Portfolio, Wordpress | 2026-04-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designthemes DesignThemes Portfolio designthemes-portfolio allows Reflected XSS.This issue affects DesignThemes Portfolio: from n/a through <= 1.3. | ||||
| CVE-2026-27389 | 2 Designthemes, Wordpress | 2 Wedesigntech Ultimate Booking Addon, Wordpress | 2026-04-22 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||||
| CVE-2026-27390 | 2 Designthemes, Wordpress | 2 Wedesigntech Ultimate Booking Addon, Wordpress | 2026-04-22 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in designthemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Authentication Abuse.This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.1. | ||||
| CVE-2026-27983 | 2 Designthemes, Wordpress | 2 Lms Elementor Pro, Wordpress | 2026-04-22 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4. | ||||
| CVE-2025-13542 | 2 Designthemes, Wordpress | 2 Designthemes Lms, Wordpress | 2026-04-21 | 9.8 Critical |
| The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. | ||||