Search
Search Results (10 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12895 | 3 Laborator, Woocommerce, Wordpress | 3 Kalium, Woocommerce, Wordpress | 2026-01-16 | 5.3 Medium |
| The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to use the theme an an open mail relay and send email to arbitrary email addresses on the server's behalf. | ||||
| CVE-2025-49926 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-11-13 | 7.3 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Laborator Kalium kalium allows Code Injection.This issue affects Kalium: from n/a through <= 3.25. | ||||
| CVE-2025-53349 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-11-13 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laborator Kalium kalium allows Reflected XSS.This issue affects Kalium: from n/a through <= 3.18.3. | ||||
| CVE-2025-53348 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-09-11 | 5.3 Medium |
| Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3. | ||||
| CVE-2025-53347 | 2 Laborator, Wordpress | 2 Kalium, Wordpress | 2025-08-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Laborator Kalium allows Cross Site Request Forgery. This issue affects Kalium: from n/a through 3.18.3. | ||||
| CVE-2020-24075 | 1 Laborator | 1 Kalium | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-23576 | 1 Laborator | 1 Neon | 2024-11-21 | 5.4 Medium |
| Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab. | ||||
| CVE-2020-14010 | 1 Laborator | 1 Xenon | 2024-11-21 | 6.1 Medium |
| The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via the data/typeahead-generate.php q (aka name) parameter. | ||||
| CVE-2020-13890 | 1 Laborator | 1 Neon | 2024-11-21 | 5.4 Medium |
| The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard. | ||||
| CVE-2019-20141 | 1 Laborator | 1 Neon | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. | ||||
Page 1 of 1.