2 vulnerabilities by ThemePunch
CVE-2026-57678 (GCVE-0-2026-57678)
Vulnerability from cvelistv5 – Published: 2026-07-02 11:32 – Updated: 2026-07-02 12:21
Title
WordPress Slider Revolution plugin 7.0.0-7.0.16 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS.
This issue affects Slider Revolution: from 7.0.0 through 7.0.16. The record marks 7.1.0 as unaffected and advises updating to at least that version.
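Severity
7.1 (High), CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L (network-reachable, no privileges needed, user interaction required, scope changed)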
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
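Assigner
Patchstack
References
| URL | Tags |
|---|---|
| https://patchstack.com/database/wordpress/plugin/revslider/vulnerability/wordpress-slider-revolution-plugin-7-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve | vdb-entry |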
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ThemePunch | Slider Revolution | Affected: from 7.0.0, ≤ 7.0.16 (custom) |
Credits
daroo | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57678",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:21:03.662984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:21:24.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Slider Revolution",
"vendor": "ThemePunch",
"versions": [
{
"changes": [
{
"at": "7.1.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "daroo | Patchstack Bug Bounty Program"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ThemePunch Slider Revolution allows Reflected XSS.\u003cp\u003eThis issue affects Slider Revolution: from 7.0.0 through 7.0.16.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in ThemePunch Slider Revolution allows Reflected XSS.\n\nThis issue affects Slider Revolution: from 7.0.0 through 7.0.16."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T11:32:06.900Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/revslider/vulnerability/wordpress-slider-revolution-plugin-7-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress Slider Revolution Plugin to the latest available version (at least 7.1.0)."
}
],
"value": "Update the WordPress Slider Revolution Plugin to the latest available version (at least 7.1.0)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Slider Revolution plugin 7.0.0-7.0.16 - Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-57678",
"datePublished": "2026-07-02T11:32:06.900Z",
"dateReserved": "2026-06-25T08:03:42.567Z",
"dateUpdated": "2026-07-02T12:21:24.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-3235 (GCVE-0-2024-3235)
Vulnerability from cvelistv5 – Published: 2024-04-10 04:30 – Updated: 2026-04-08 17:15
Title
Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure
Summary
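The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password-protected posts that may contain private or sensitive information. The record classifies the weakness as CWE-862 (Missing Authorization) and names no fixed version; the vendor changelog listed in its references is the place to confirm which release addresses it.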
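Severity
5.3 (Medium), CVSS v3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (network-reachable, no privileges or user interaction needed, confidentiality impact only)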
CWE
- CWE-862 - Missing Authorization
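Assigner
Wordfence
References
| URL | Tags |
|---|---|
| https://www.wordfence.com/threat-intel/vulnerabilities/id/adadac1e-3d92-41a5-90d4-b2028c8c40c0?source=cve | |
| https://www.essential-grid.com/documentation/changelog | |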
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ThemePunch | Essential Grid Gallery WordPress Plugin | Affected: from 0, ≤ 3.1.1 (semver) |
Credits
AmrAwad
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:28:07.965787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:13.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:08.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adadac1e-3d92-41a5-90d4-b2028c8c40c0?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://codecanyon.net/item/essential-grid-wordpress-plugin/7563340"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Essential Grid Gallery WordPress Plugin",
"vendor": "ThemePunch",
"versions": [
{
"lessThanOrEqual": "3.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "AmrAwad"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Essential Grid Gallery WordPress Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.1 via the on_front_ajax_action() function. This makes it possible for unauthenticated attackers to view private and password protected posts that may have private or sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:15:10.787Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/adadac1e-3d92-41a5-90d4-b2028c8c40c0?source=cve"
},
{
"url": "https://www.essential-grid.com/documentation/changelog"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-09T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Essential Grid \u003c= 3.1.1 - Unauthenticated Private Post Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-3235",
"datePublished": "2024-04-10T04:30:20.663Z",
"dateReserved": "2024-04-02T19:16:59.676Z",
"dateUpdated": "2026-04-08T17:15:10.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}