themeisle

Top products

The 15 most recently published vulnerabilities affecting themeisle.

• CVE-2026-11358Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu-item-icon' Parameter4.4Jun 18, 2026
• CVE-2026-42378WordPress WP Full Stripe Free plugin <= 8.4.1 - Broken Authentication vulnerability6.5Jun 15, 2026
• CVE-2026-39507WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability7.1Jun 15, 2026
• CVE-2026-23970WordPress Redirection for Contact Form 7 plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability7.1Jun 15, 2026
• CVE-2017-20251WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API9.8Jun 9, 2026
• CVE-2026-8976RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions4.3Jun 5, 2026
• CVE-2025-53209WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability9.8Jun 2, 2026
• CVE-2026-8689Visualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification via renderChartPages() and uploadData() Functions4.3May 28, 2026
• CVE-2026-42749WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability7.1May 27, 2026
• CVE-2026-24573WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability6.5May 20, 2026
• CVE-2026-2892Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie7.5Apr 30, 2026
• CVE-2026-25366WordPress Woody ad snippets plugin <= 2.7.1 - Remote Code Execution (RCE) vulnerability9.9Mar 25, 2026
• CVE-2026-2410Disable Admin Notices – Hide Dashboard Notifications <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update4.3Feb 25, 2026
• CVE-2026-1319Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field6.4Feb 5, 2026
• CVE-2026-1755Menu Icons by ThemeIsle <= 0.13.20 - Authenticated (Author+) Stored Cross-Site Scripting6.4Feb 3, 2026