Himer

himer

Vendor: 2code • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-2232 12code 1Himer Jan 2, 2026 Aug 5, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 The lacks CSRF checks allowing a user to invite any user to any group (including private groups)
CVE-2024-2235 12code 1Himer Nov 21, 2024 Jul 3, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack
CVE-2024-2234 12code 1Himer Nov 21, 2024 Jul 3, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks
CVE-2024-2233 12code 1Himer Nov 21, 2024 Jul 3, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group...Show more The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a groupShow less
CVE-2024-2231 12code 1Himer Jan 2, 2026 Jul 3, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The allows any authenticated user to join a private group due to a missing authorization check on a function
CVE-2024-2040 12code 1Himer Nov 21, 2024 Jul 3, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack