Catchthemes: Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Catch Themes Essential Widgets essential-widgets allows Stored XSS.This issue affects Essential Widgets: from n/a through <= 2.2.2.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-09
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Catch Themes Catch Dark Mode catch-dark-mode allows PHP Local File Inclusion.This issue affects Catch Dark Mode: from n/a through <= 2.0.1.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-04-04
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Full frame full-frame allows Stored XSS.This issue affects Full frame: from n/a through <= 2.7.2.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-10-06
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Catch Base catch-base allows Stored XSS.This issue affects Catch Base: from n/a through <= 3.4.6.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-10-06
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchthemes Create create allows Stored XSS.This issue affects Create: from n/a through <= 2.9.1.
CVSS Score
5.1
EPSS Score
0.001
Published
2024-10-06
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-05-04