Filtered by vendor Themeum Subscriptions
Filtered by product Kirki Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-57725 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-07-13 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11.
CVE-2026-57726 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-07-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.12.
CVE-2026-57724 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-07-13 9.8 Critical
Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through <= 6.0.12.
CVE-2026-57727 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-07-13 7.5 High
Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13.
CVE-2026-57680 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-07-02 6.5 Medium
Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions.
CVE-2026-57627 2 Themeum, Wordpress 2 Kirki, Wordpress 2026-06-29 4.9 Medium
Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.