Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

inkthemes

Source -

NVDCNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2025-48327
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.26%
||
7 Day CHG~0.00%
Published-28 Aug, 2025 | 12:37
Updated-28 Aug, 2025 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Mailgun SMTP plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7.

Action-Not Available
Vendor-inkthemes
Product-WP Mailgun SMTP
CWE ID-CWE-862
Missing Authorization
CVE-2023-25447
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 14:13
Updated-08 Jan, 2025 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ColorWay Theme <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions.

Action-Not Available
Vendor-inkthemesInkthemescom
Product-colorwayColorWay
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-3750
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 34.21%
||
7 Day CHG~0.00%
Published-21 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ask Me < 6.8.7 - Post Deletion via CSRF

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.

Action-Not Available
Vendor-inkthemesUnknown
Product-ask_meAsk me
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-1251
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.70%
||
7 Day CHG+0.06%
Published-22 Aug, 2022 | 14:57
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ask Me < 6.8.4 - CSRF in Edit Profile

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

Action-Not Available
Vendor-inkthemesUnknown
Product-ask_meAsk me
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2016-10961
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.04%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:23
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.

Action-Not Available
Vendor-inkthemesn/a
Product-colorwayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')