Vulnerabilidades em spicethemes
12 resultadosCVE-2025-1307CRITICALNewscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 1.9%CVE-2025-1304HIGHNewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 1.0%CVE-2023-5362MEDIUMCarousel, Recent Post Slider and Banner Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.5%CVE-2025-1306HIGHNewscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File UploadEPSS 0.5%CVE-2025-48130HIGHWordPress Spice Blocks plugin <= 2.0.7.4 - Arbitrary File Download vulnerabilityEPSS 0.4%CVE-2025-1305HIGHNewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin InstallationEPSS 0.3%CVE-2024-8430MEDIUMSpice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content ImportEPSS 0.3%CVE-2025-39532HIGHWordPress Spice Blocks plugin <= 2.0.7.7 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-12821HIGHNewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin InstallationEPSS 0.3%CVE-2024-13362MEDIUMFreemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url ParameterEPSS 0.3%CVE-2024-44003HIGHWordPress Spice Starter Sites plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2026-39621HIGHWordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerabilityEPSS 0.1%