ByteOS Network

theme_switcha

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-46239

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-6.5||MEDIUM

EPSS-0.13% / 31.82%

7 Day CHG~0.00%

Published-22 Apr, 2025 | 09:53

Updated-28 Apr, 2026 | 16:12

WordPress Theme Switcha plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeff Starr Theme Switcha theme-switcha allows Stored XSS.This issue affects Theme Switcha: from n/a through <= 3.4.

Vendor-plugin-planet Jeff Starr

Product-theme_switcha Theme Switcha

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-5614

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.09% / 25.54%

7 Day CHG~0.00%

Published-20 Oct, 2023 | 04:30

Updated-08 Apr, 2026 | 17:17

Theme Switcha <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-plugin-planet specialk

Product-theme_switcha Theme Switcha – Easily Switch Themes for Development and Testing

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')