Search criteria
4 vulnerabilities by Marsian
CVE-2024-13559 (GCVE-0-2024-13559)
Vulnerability from cvelistv5 – Published: 2025-03-01 04:21 – Updated: 2025-03-03 17:38
VLAI?
Title
TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Summary
The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tx_woo_wishlist_table' shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| marsian | TemplatesNext ToolKit |
Affected:
* , ≤ 3.2.9
(semver)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13559",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T16:00:59.370094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T17:38:48.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TemplatesNext ToolKit",
"vendor": "marsian",
"versions": [
{
"lessThanOrEqual": "3.2.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The TemplatesNext ToolKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s \u0027tx_woo_wishlist_table\u0027 shortcode in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-01T04:21:49.690Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/775b6034-617a-4d84-a8fe-773ffbd9742a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/templatesnext-toolkit/trunk/inc/woo-compare-wishlist/includes/wishlist/shortcode.php#L13"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-28T15:27:36.000+00:00",
"value": "Disclosed"
}
],
"title": "TemplatesNext ToolKit \u003c= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-13559",
"datePublished": "2025-03-01T04:21:49.690Z",
"dateReserved": "2025-01-20T22:33:11.017Z",
"dateUpdated": "2025-03-03T17:38:48.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38731 (GCVE-0-2024-38731)
Vulnerability from cvelistv5 – Published: 2025-01-02 13:26 – Updated: 2025-01-02 14:34
VLAI?
Title
WordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Credits
Dhabaleshwar Das (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T14:34:18.517673Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T14:34:24.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/themes",
"defaultStatus": "unaffected",
"packageName": "i-amaze",
"product": "i-amaze",
"vendor": "Marsian",
"versions": [
{
"lessThanOrEqual": "1.3.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dhabaleshwar Das (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.\u003cp\u003eThis issue affects i-amaze: from n/a through 1.3.7.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T13:26:11.349Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/theme/i-amaze/vulnerability/wordpress-i-amaze-theme-1-3-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress i-amaze theme \u003c= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38731",
"datePublished": "2025-01-02T13:26:11.349Z",
"dateReserved": "2024-06-19T11:16:45.897Z",
"dateUpdated": "2025-01-02T14:34:24.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38764 (GCVE-0-2024-38764)
Vulnerability from cvelistv5 – Published: 2025-01-02 13:00 – Updated: 2025-01-02 14:37
VLAI?
Title
WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Marsian | i-transform |
Affected:
n/a , ≤ 3.0.9
(custom)
|
Credits
Dhabaleshwar Das (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T14:37:23.139932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T14:37:41.906Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/themes",
"defaultStatus": "unaffected",
"packageName": "i-transform",
"product": "i-transform",
"vendor": "Marsian",
"versions": [
{
"lessThanOrEqual": "3.0.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dhabaleshwar Das (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.\u003cp\u003eThis issue affects i-transform: from n/a through 3.0.9.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9."
}
],
"impacts": [
{
"capecId": "CAPEC-62",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-62 Cross Site Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T13:00:37.338Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/theme/i-transform/vulnerability/wordpress-i-transform-theme-3-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress i-transform theme \u003c= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-38764",
"datePublished": "2025-01-02T13:00:37.338Z",
"dateReserved": "2024-06-19T12:34:40.590Z",
"dateUpdated": "2025-01-02T14:37:41.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31386 (GCVE-0-2024-31386)
Vulnerability from cvelistv5 – Published: 2024-04-10 18:47 – Updated: 2024-08-08 16:12
VLAI?
Title
Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Hidekazu Ishikawa | X-T9 |
Affected:
n/a , ≤ 1.19.0
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Dhabaleshwar Das (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:52:56.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/x-t9/wordpress-x-t9-theme-1-19-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/lightning/wordpress-lightning-theme-15-18-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/default-mag/wordpress-default-mag-theme-1-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/namaha/wordpress-namaha-theme-1-0-40-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/citylogic/wordpress-citylogic-theme-1-1-29-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/i-max/wordpress-i-max-theme-1-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/emmet-lite/wordpress-emmet-lite-theme-1-7-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/decode/wordpress-decode-theme-3-15-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/sliding-door/wordpress-sliding-door-theme-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/shopstar/wordpress-shopstar-theme-1-1-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/gridsby/wordpress-gridsby-theme-1-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/happenstance/wordpress-happenstance-theme-3-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/i-excel/wordpress-i-excel-theme-1-7-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/panoramic/wordpress-panoramic-theme-1-1-56-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/sensible-wp/wordpress-sensible-wp-theme-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T16:02:25.119504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T16:12:22.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "x-t9",
"product": "X-T9",
"vendor": "Hidekazu Ishikawa",
"versions": [
{
"changes": [
{
"at": "1.19.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.19.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "lightning",
"product": "Lightning",
"vendor": "Hidekazu Ishikawa",
"versions": [
{
"changes": [
{
"at": "15.19.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "15.18.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "default-mag",
"product": "Default Mag",
"vendor": "themeinwp",
"versions": [
{
"changes": [
{
"at": "1.3.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.3.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "namaha",
"product": "Namaha",
"vendor": "Out the Box",
"versions": [
{
"changes": [
{
"at": "1.0.41",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.40",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "citylogic",
"product": "CityLogic",
"vendor": "Out the Box",
"versions": [
{
"changes": [
{
"at": "1.1.30",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.1.29",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "i-max",
"product": "i-max",
"vendor": "Marsian",
"versions": [
{
"lessThanOrEqual": "1.6.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "emmet-lite",
"product": "Emmet Lite",
"vendor": "Jetmonsters",
"versions": [
{
"changes": [
{
"at": "1.7.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.7.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "decode",
"product": "Decode",
"vendor": "Macho Themes",
"versions": [
{
"lessThanOrEqual": "3.15.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "sliding-door",
"product": "Sliding Door",
"vendor": "Wayneconnor",
"versions": [
{
"changes": [
{
"at": "3.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "shopstar",
"product": "Shopstar!",
"vendor": "Out the Box",
"versions": [
{
"changes": [
{
"at": "1.1.34",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.1.33",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "gridsby",
"product": "Gridsby",
"vendor": "Modernthemesnet",
"versions": [
{
"lessThanOrEqual": "1.3.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "happenstance",
"product": "HappenStance",
"vendor": "TT Themes",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "i-excel",
"product": "i-excel",
"vendor": "Marsian",
"versions": [
{
"lessThanOrEqual": "1.7.9",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "panoramic",
"product": "Panoramic",
"vendor": "Out the Box",
"versions": [
{
"changes": [
{
"at": "1.1.57",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.1.56",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://wordpress.org/themes/",
"defaultStatus": "unaffected",
"packageName": "sensible-wp",
"product": "Sensible WP",
"vendor": "Modernthemesnet",
"versions": [
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dhabaleshwar Das (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.\u003cp\u003eThis issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-10T18:47:28.121Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/x-t9/wordpress-x-t9-theme-1-19-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/lightning/wordpress-lightning-theme-15-18-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/default-mag/wordpress-default-mag-theme-1-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/namaha/wordpress-namaha-theme-1-0-40-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/citylogic/wordpress-citylogic-theme-1-1-29-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/i-max/wordpress-i-max-theme-1-6-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/emmet-lite/wordpress-emmet-lite-theme-1-7-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/decode/wordpress-decode-theme-3-15-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/sliding-door/wordpress-sliding-door-theme-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/shopstar/wordpress-shopstar-theme-1-1-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/gridsby/wordpress-gridsby-theme-1-3-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/happenstance/wordpress-happenstance-theme-3-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/i-excel/wordpress-i-excel-theme-1-7-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/panoramic/wordpress-panoramic-theme-1-1-56-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
},
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/sensible-wp/wordpress-sensible-wp-theme-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update X-T9 to 1.19.1 or a higher version.\u003cbr\u003eUpdate Lightning to 15.19.0 or a higher version.\u003cbr\u003eUpdate Default Mag to 1.3.6 or a higher version.\u003cbr\u003eUpdate Namaha to 1.0.41 or a higher version.\u003cbr\u003eUpdate CityLogic to 1.1.30 or a higher version.\u003cbr\u003eUpdate Emmet Lite to 1.7.8 or a higher version.\u003cbr\u003eUpdate Sliding Door to 3.4 or a higher version.\u003cbr\u003eUpdate Shopstar! to 1.1.34 or a higher version.\u003cbr\u003eUpdate Panoramic to 1.1.57 or a higher version.\u003cbr\u003e"
}
],
"value": "Update X-T9 to 1.19.1 or a higher version.\nUpdate Lightning to 15.19.0 or a higher version.\nUpdate Default Mag to 1.3.6 or a higher version.\nUpdate Namaha to 1.0.41 or a higher version.\nUpdate CityLogic to 1.1.30 or a higher version.\nUpdate Emmet Lite to 1.7.8 or a higher version.\nUpdate Sliding Door to 3.4 or a higher version.\nUpdate Shopstar! to 1.1.34 or a higher version.\nUpdate Panoramic to 1.1.57 or a higher version.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-31386",
"datePublished": "2024-04-10T18:47:28.121Z",
"dateReserved": "2024-04-01T06:51:49.294Z",
"dateUpdated": "2024-08-08T16:12:22.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}