Filtered by vendor Radiustheme
Subscriptions
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25344 | 2 Radiustheme, Wordpress | 2 Review Schema, Wordpress | 2026-04-24 | 6.5 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme Review Schema review-schema allows Retrieve Embedded Sensitive Data.This issue affects Review Schema: from n/a through <= 2.2.6. | ||||
| CVE-2026-25026 | 2 Radiustheme, Wordpress | 2 Team, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.11. | ||||
| CVE-2025-58601 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in RadiusTheme Classified Listing classified-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Classified Listing: from n/a through <= 5.0.6. | ||||
| CVE-2025-57975 | 2 Radiustheme, Wordpress | 2 Team, Wordpress | 2026-04-23 | 4.3 Medium |
| Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through <= 5.0.6. | ||||
| CVE-2025-54698 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-23 | 5.4 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection.This issue affects Classified Listing: from n/a through <= 5.0.0. | ||||
| CVE-2025-53565 | 2 Radiustheme, Wordpress | 2 Widget For Google Reviews, Wordpress | 2026-04-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Widget for Google Reviews business-reviews-wp allows PHP Local File Inclusion.This issue affects Widget for Google Reviews: from n/a through <= 1.0.15. | ||||
| CVE-2025-30814 | 2 Radiustheme, Wordpress | 2 The Post Grid, Wordpress | 2026-04-23 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme The Post Grid the-post-grid allows PHP Local File Inclusion.This issue affects The Post Grid: from n/a through <= 7.7.17. | ||||
| CVE-2025-24745 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Classified Listing classified-listing allows Reflected XSS.This issue affects Classified Listing: from n/a through <= 4.0.1. | ||||
| CVE-2024-37520 | 1 Radiustheme | 1 Shopbuilder | 2026-04-23 | 6.5 Medium |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <= 2.1.12. | ||||
| CVE-2024-37481 | 1 Radiustheme | 1 The Post Grid | 2026-04-23 | 6.5 Medium |
| Missing Authorization vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.4. | ||||
| CVE-2024-35739 | 1 Radiustheme | 1 The Post Grid | 2026-04-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme The Post Grid the-post-grid.This issue affects The Post Grid: from n/a through <= 7.7.1. | ||||
| CVE-2025-7327 | 2 Radiustheme, Wordpress | 2 Widget For Google Reviews, Wordpress | 2026-04-22 | 8.8 High |
| The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files. | ||||
| CVE-2026-23546 | 2 Radiustheme, Wordpress | 2 Classified Listing, Wordpress | 2026-04-17 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in RadiusTheme Classified Listing classified-listing allows Retrieve Embedded Sensitive Data.This issue affects Classified Listing: from n/a through <= 5.3.4. | ||||
| CVE-2026-27383 | 2 Radiustheme, Wordpress | 2 Metro, Wordpress | 2026-04-16 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion.This issue affects Metro: from n/a through <= 2.13. | ||||
| CVE-2026-27382 | 2 Radiustheme, Wordpress | 2 Metro, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Metro metro allows DOM-Based XSS.This issue affects Metro: from n/a through <= 2.13. | ||||
| CVE-2025-32657 | 2 Radiustheme, Wordpress | 2 Testimonial Slider And Showcase, Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a through <= 2.1.7. | ||||
| CVE-2024-3893 | 2 Radiustheme, Techlabpro1 | 2 Classified Listing, Classified Listing Plugin | 2026-04-08 | 4.3 Medium |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachements. | ||||
| CVE-2024-1427 | 1 Radiustheme | 1 The Post Grid | 2026-04-08 | 6.4 Medium |
| The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the section title tag attribute in all versions up to, and including, 7.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1352 | 2 Radiustheme, Techlabpro1 | 2 Classified Listing, Classified Listing Plugin | 2026-04-08 | 6.5 Medium |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on the rtcl_import_location() rtcl_import_category() functions in all versions up to, and including, 3.0.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create terms. | ||||
| CVE-2024-0836 | 1 Radiustheme | 1 Review Schema | 2026-04-08 | 4.3 Medium |
| The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews. | ||||