Filtered by vendor Themeum
Subscriptions
Filtered by product Kirki
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57725 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-07-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Kirki kirki allows Stored XSS.This issue affects Kirki: from n/a through <= 6.0.11. | ||||
| CVE-2026-57726 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-07-13 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Kirki kirki allows Blind SQL Injection.This issue affects Kirki: from n/a through <= 6.0.12. | ||||
| CVE-2026-57724 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-07-13 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Themeum Kirki kirki allows Object Injection.This issue affects Kirki: from n/a through <= 6.0.12. | ||||
| CVE-2026-57727 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-07-13 | 7.5 High |
| Missing Authorization vulnerability in Themeum Kirki kirki allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kirki: from n/a through <= 6.0.13. | ||||
| CVE-2026-57680 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-07-02 | 6.5 Medium |
| Unauthenticated Insecure Direct Object References (IDOR) in Kirki <= 6.0.11 versions. | ||||
| CVE-2026-57627 | 2 Themeum, Wordpress | 2 Kirki, Wordpress | 2026-06-29 | 4.9 Medium |
| Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions. | ||||
Page 1 of 1.