Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

seothemes

Source -

CNANVD

BOS Name -

N/A

CNA CVEs -

5

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2025-62097
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.60%
||
7 Day CHG+0.02%
Published-31 Dec, 2025 | 13:10
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SEO Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes SEO Slider seo-slider allows DOM-Based XSS.This issue affects SEO Slider: from n/a through <= 1.1.1.

Action-Not Available
Vendor-seothemes
Product-SEO Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51899
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.36%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 16:31
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Pricing Table plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes Simple Pricing Table simple-pricing-table allows Stored XSS.This issue affects Simple Pricing Table: from n/a through <= 1.0.0.

Action-Not Available
Vendor-seothemes
Product-Simple Pricing Table
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-51610
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-09 Nov, 2024 | 14:11
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Display Terms Shortcode plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in seothemes Display Terms Shortcode display-terms-shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through <= 1.0.4.

Action-Not Available
Vendor-seothemesseothemes
Product-display_terms_shortcodeDisplay Terms Shortcode
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1993
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.17% / 38.02%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Icon Widget <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-seothemes
Product-Icon Widget
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-5707
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.08% / 23.09%
||
7 Day CHG-0.00%
Published-03 Nov, 2023 | 12:31
Updated-08 Apr, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SEO Slider <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-seothemesseothemes
Product-seo_sliderSEO Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')