Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

codetipi

Source -

NVDCNA

BOS Name -

N/A

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2026-23544
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.05% / 14.92%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 08:26
Updated-19 Feb, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Valenti theme <= 5.6.3.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.

Action-Not Available
Vendor-codetipi
Product-Valenti
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-63021
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG-0.03%
Published-31 Dec, 2025 | 16:49
Updated-20 Jan, 2026 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codetipi Valenti Engine allows DOM-Based XSS.This issue affects Valenti Engine: from n/a through 1.0.3.

Action-Not Available
Vendor-codetipi
Product-Valenti Engine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-36510
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-2.58% / 85.27%
||
7 Day CHG~0.00%
Published-28 Feb, 2022 | 09:06
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
15Zine < 3.3.0 - Reflected Cross-Site Scripting

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting

Action-Not Available
Vendor-codetipiUnknown
Product-15zine15Zine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')