Filtered by vendor Themehunk
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30881 | 2 Themehunk, Wordpress | 2 Big Store, Wordpress | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeHunk Big Store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Big Store: from n/a through 2.0.8. | ||||
| CVE-2025-22644 | 1 Themehunk | 1 Vayu Blocks | 2026-01-09 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeHunk Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce allows Stored XSS.This issue affects Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce: from n/a through 1.2.1. | ||||
| CVE-2025-30990 | 1 Themehunk | 1 Mega Menu | 2026-01-09 | 4.3 Medium |
| Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1. | ||||
| CVE-2022-40218 | 1 Themehunk | 1 Advance Product Search | 2026-01-09 | 6.5 Medium |
| Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. | ||||
| CVE-2023-28688 | 2 Themehunk, Wordpress | 2 Variation Swatches, Wordpress | 2026-01-09 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery.This issue affects TH Variation Swatches: from n/a through 1.2.7. | ||||
| CVE-2025-52816 | 2 Themehunk, Wordpress | 2 Zita, Wordpress | 2026-01-09 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themehunk Zita allows PHP Local File Inclusion. This issue affects Zita: from n/a through 1.6.5. | ||||
| CVE-2025-62902 | 2 Themehunk, Wordpress | 2 Wp Popup Builder, Wordpress | 2026-01-08 | 7.5 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6. | ||||
| CVE-2025-12040 | 3 Themehunk, Woocommerce, Wordpress | 3 Wishlist For Woocommerce, Woocommerce, Wordpress | 2025-11-26 | 6.5 Medium |
| The Wishlist for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.9 via several functions in class-th-wishlist-frontend.php due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to modify other user's wishlists | ||||
| CVE-2022-38057 | 1 Themehunk | 2 Advanced Wordpress Search, Th Advance Product Search | 2025-06-30 | 6.5 Medium |
| Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. | ||||
| CVE-2022-23180 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-06-16 | 4.3 Medium |
| The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings | ||||
| CVE-2024-10475 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-06-09 | 4.8 Medium |
| The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin before 1.9.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-2405 | 1 Themehunk | 1 Wp Popup Builder | 2025-05-21 | 4.3 Medium |
| The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup | ||||
| CVE-2022-2404 | 1 Themehunk | 1 Wp Popup Builder | 2025-05-21 | 6.1 Medium |
| The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2024-11972 | 1 Themehunk | 1 Hunk Companion | 2025-05-17 | 9.8 Critical |
| The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed. | ||||
| CVE-2022-23179 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-05-09 | 4.8 Medium |
| The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||||
| CVE-2024-3637 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2025-05-08 | 6.1 Medium |
| The Responsive Contact Form Builder & Lead Generation Plugin WordPress plugin through 1.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-8434 | 1 Themehunk | 1 Mega Menu | 2024-12-17 | 4.3 Medium |
| The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform actions like updating plugin settings. | ||||
| CVE-2024-9707 | 1 Themehunk | 1 Hunk Companion | 2024-11-25 | 9.8 Critical |
| The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | ||||
| CVE-2023-27431 | 1 Themehunk | 1 Big Store | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions. | ||||
| CVE-2021-24967 | 1 Themehunk | 1 Contact Form \& Lead Form Elementor Builder | 2024-11-21 | 6.1 Medium |
| The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leads | ||||