ByteOS Network

SteelThemes

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-54720

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-9.3||CRITICAL

EPSS-0.03% / 6.78%

7 Day CHG~0.00%

Published-28 Aug, 2025 | 12:37

Updated-29 Aug, 2025 | 16:24

WordPress Nest Addons Plugin <= 1.6.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SteelThemes Nest Addons allows SQL Injection. This issue affects Nest Addons: from n/a through 1.6.3.

Vendor-SteelThemes

Product-Nest Addons

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-10250

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.1||MEDIUM

EPSS-0.61% / 68.77%

7 Day CHG~0.00%

Published-23 Oct, 2024 | 13:58

Updated-25 Oct, 2024 | 16:37

Nioland <= 1.2.6 - Reflected Cross-Site Scripting via s

The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Vendor-steelthemes SteelThemes

Product-nioland Nioland - SaaS & Software Startup Tech WordPress Theme

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')