Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Themeisle

Source -

CNA

BOS Name -

Themeisle

CNA CVEs -

28

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
28Vulnerabilities found
CVE-2017-20251
Assigner-VulnCheck
ShareView Details
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.07% / 21.14%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 11:48
Updated-09 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint with crafted content containing insert_php shortcodes to include and execute remote PHP files on the server.

Action-Not Available
Vendor-Themeisle
Product-Woody Code Snippets
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-53209
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 11.43%
||
7 Day CHG+0.01%
Published-02 Jun, 2026 | 09:43
Updated-02 Jun, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0.

Action-Not Available
Vendor-Themeisle
Product-Masteriyo LMS PRO
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-42749
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.67%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 09:49
Updated-27 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types (Remove comments) comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types (Remove comments): from n/a through <= 1.3.0.

Action-Not Available
Vendor-Themeisle
Product-Disable Comments for Any Post Types (Remove comments)
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2026-24573
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 10.37%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 12:54
Updated-20 May, 2026 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0.

Action-Not Available
Vendor-Themeisle
Product-Visualizer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-25366
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.07% / 21.77%
||
7 Day CHG~0.00%
Published-25 Mar, 2026 | 16:14
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in Themeisle Woody ad snippets insert-php allows Code Injection.This issue affects Woody ad snippets: from n/a through <= 2.7.1.

Action-Not Available
Vendor-Themeisle
Product-Woody ad snippets
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-66069
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.96%
||
7 Day CHG~0.00%
Published-21 Nov, 2025 | 12:29
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16.

Action-Not Available
Vendor-Themeisle
Product-PPOM for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-58789
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.05% / 17.25%
||
7 Day CHG~0.00%
Published-05 Sep, 2025 | 13:44
Updated-13 May, 2026 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Full Stripe Free Plugin <= 8.2.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle WP Full Stripe Free wp-full-stripe-free allows SQL Injection.This issue affects WP Full Stripe Free: from n/a through <= 8.2.5.

Action-Not Available
Vendor-Themeisle
Product-WP Full Stripe Free
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-58593
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.86%
||
7 Day CHG~0.00%
Published-03 Sep, 2025 | 14:36
Updated-13 May, 2026 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Orbit Fox by ThemeIsle Plugin <= 3.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 3.0.0.

Action-Not Available
Vendor-Themeisle
Product-Orbit Fox by ThemeIsle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-55715
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.57%
||
7 Day CHG+0.01%
Published-20 Aug, 2025 | 08:02
Updated-12 May, 2026 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Otter - Gutenberg Block Plugin <= 3.1.0 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Retrieve Embedded Sensitive Data.This issue affects Otter - Gutenberg Block: from n/a through <= 3.1.0.

Action-Not Available
Vendor-Themeisle
Product-Otter - Gutenberg Block
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2025-53254
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 24.50%
||
7 Day CHG~0.00%
Published-27 Jun, 2025 | 13:21
Updated-13 May, 2026 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Cyrlitera plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Cyrlitera cyrlitera allows Cross Site Request Forgery.This issue affects Cyrlitera: from n/a through <= 1.3.0.

Action-Not Available
Vendor-Themeisle
Product-Cyrlitera
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-22659
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.57%
||
7 Day CHG~0.00%
Published-27 Mar, 2025 | 15:01
Updated-12 May, 2026 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle themeisle-companion allows Stored XSS.This issue affects Orbit Fox by ThemeIsle: from n/a through <= 2.10.44.

Action-Not Available
Vendor-Themeisle
Product-orbit_foxOrbit Fox by ThemeIsle
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24666
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.32% / 55.21%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hyve Lite plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle AI Chatbot for WordPress – Hyve Lite hyve-lite allows Stored XSS.This issue affects AI Chatbot for WordPress – Hyve Lite: from n/a through <= 1.2.2.

Action-Not Available
Vendor-Themeisle
Product-AI Chatbot for WordPress – Hyve Lite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-24668
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.64%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Stored XSS.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.8.

Action-Not Available
Vendor-Themeisle
Product-PPOM for WooCommerce
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-39920
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.71% / 72.80%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-29 Apr, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Redirection for Contact Form 7 plugin <= 2.9.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 wpcf7-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through <= 2.9.2.

Action-Not Available
Vendor-Themeisle
Product-Redirection for Contact Form 7
CWE ID-CWE-862
Missing Authorization
CVE-2024-52420
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.75%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:32
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disable Admin Notices individually plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Disable Admin Notices individually disable-admin-notices allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through <= 1.4.0.

Action-Not Available
Vendor-Themeisle
Product-Disable Admin Notices individually
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-51671
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-2.7||LOW
EPSS-0.19% / 41.33%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:30
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through <= 3.0.3.

Action-Not Available
Vendor-Themeisle
Product-Otter - Gutenberg Block
CWE ID-CWE-862
Missing Authorization
CVE-2024-47325
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.63% / 70.73%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 10:03
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through <= 3.4.7.

Action-Not Available
Vendor-Themeisle
Product-multiple_page_generatorMPG
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-35728
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 37.77%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:21
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20.

Action-Not Available
Vendor-Themeisle
Product-product_addons_\&_fields_for_woocommercePPOM for WooCommerce
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-35682
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.23%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 14:56
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Themeisle Otter Blocks PRO.This issue affects Otter Blocks PRO: from n/a through 2.6.11.

Action-Not Available
Vendor-Themeisle
Product-otter_blocksOtter Blocks PRO
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-35736
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.5||HIGH
EPSS-0.52% / 67.20%
||
7 Day CHG~0.00%
Published-08 Jun, 2024 | 12:47
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1.

Action-Not Available
Vendor-Themeisle
Product-visualizerVisualizer
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31301
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.06% / 17.69%
||
7 Day CHG~0.00%
Published-12 Apr, 2024 | 12:32
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

Action-Not Available
Vendor-Themeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPG
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-27951
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9.1||CRITICAL
EPSS-0.53% / 67.42%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 11:53
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

Action-Not Available
Vendor-Themeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPGmultiple_page_generator
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-30235
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 68.70%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 12:20
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

Action-Not Available
Vendor-Themeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPG
CWE ID-CWE-862
Missing Authorization
CVE-2024-27958
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.18% / 39.26%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 16:24
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.This issue affects Visualizer: from n/a through 3.10.5.

Action-Not Available
Vendor-Themeisle
Product-Visualizer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-33927
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.32% / 55.41%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 14:12
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.

Action-Not Available
Vendor-Themeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPGmultiple_page_generator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23708
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.61%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 12:27
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.

Action-Not Available
Vendor-Themeisle
Product-visualizerVisualizer: Tables and Charts Manager for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-46848
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.79%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 07:50
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.

Action-Not Available
Vendor-Themeisle
Product-visualizerVisualizer: Tables and Charts Manager for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47143
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 28.32%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 08:58
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.

Action-Not Available
Vendor-Themeisle
Product-multiple_page_generatorMultiple Page Generator Plugin – MPG
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)