ByteOS Network

Elessi

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-49070

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.5||HIGH

EPSS-0.42% / 62.27%

7 Day CHG~0.00%

Published-04 Jul, 2025 | 11:17

Updated-28 Apr, 2026 | 16:12

WordPress Elessi < 6.4.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Elessi elessi-theme allows PHP Local File Inclusion.This issue affects Elessi: from n/a through < 6.4.1.

Vendor-NasaTheme

Product-Elessi

CWE ID-CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVE-2025-49873

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.18% / 39.98%

7 Day CHG~0.00%

Published-20 Jun, 2025 | 15:04

Updated-28 Apr, 2026 | 16:13

WordPress Elessi theme <= 6.3.9 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Elessi elessi-theme allows Reflected XSS.This issue affects Elessi: from n/a through <= 6.3.9.

Vendor-NasaTheme

Product-Elessi

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')