← Back

Radiustheme

radiustheme

24 CVEs • 13 products

Products (13)

Click to collapse
Toggle
Classified Listing
classified_listing
8 CVEs
The Post Grid
the_post_grid
6 CVEs
Team Wordpress Team Members Showcase
team_-_wordpress_team_members_showcase
2 CVEs
Testimonial Slider And Showcase
testimonial_slider_and_showcase
2 CVEs
Logo Slider And Showcase
logo_slider_and_showcase
1 CVE
Classified Listing Store & Membership
classified_listing_store_&_membership
1 CVE
Classima
classima
1 CVE
Classima Core
classima_core
1 CVE
Portfolio
portfolio
1 CVE
Variation Images Gallery For Woocommerce
variation_images_gallery_for_woocommerce
1 CVE
Review Schema
review_schema
1 CVE
Shopbuilder
shopbuilder
1 CVE
Widget For Google Reviews
widget_for_google_reviews
1 CVE

CVEs (24)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-2655
1Radiustheme
1Classified Listing
Nov 21, 2024
Sep 16, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-2654
1Radiustheme
4Classified Listing
Classified Listing Store & MembershipClassima+1 more
Jun 5, 2025
Sep 16, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core b...Show more
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site ScriptingShow less
CVE-2022-2557
1Radiustheme
1Team Wordpress Team Members Showcase
Nov 21, 2024
Aug 22, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after i...Show more
The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the userShow less
CVE-2021-24742
1Radiustheme
1Logo Slider And Showcase
Nov 21, 2024
Nov 1, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.