Known Vulnerabilities for products from ExtendThemes
Listed below are 20 of the newest known vulnerabilities associated with the vendor "ExtendThemes".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-62751 json | Missing Authorization vulnerability in extendthemes Vireo vireo allows Exploiting Incorrectly Configured Access Control Secur... | Not Provided | 2025-12-31 | 2026-04-23 |
| CVE-2025-59593 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri P... | Not Provided | 2025-10-22 | 2026-04-27 |
| CVE-2025-32185 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri P... | Not Provided | 2025-04-04 | 2026-04-23 |
| CVE-2024-37458 json | Not Provided | 2025-01-02 | 2026-04-23 | |
| CVE-2024-37431 json | Not Provided | 2025-01-02 | 2026-04-23 | |
| CVE-2024-33688 json | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Teluro.This issue affects Teluro: from n/a through 1.0.31. | Not Provided | 2024-04-26 | 2026-04-28 |
| CVE-2024-28004 json | Missing Authorization vulnerability in ExtendThemes Colibri Page Builder.This issue affects Colibri Page Builder: from n/a th... | Not Provided | 2024-03-28 | 2026-04-28 |
| CVE-2024-5038 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in a... | Not Provided | 2024-06-06 | 2026-04-08 |
| CVE-2024-4707 json | The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contac... | Not Provided | 2024-06-06 | 2026-04-08 |
| CVE-2024-4451 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_pla... | Not Provided | 2024-06-07 | 2026-04-08 |
| CVE-2024-3340 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-... | Not Provided | 2024-05-02 | 2026-04-08 |
| CVE-2024-3338 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in al... | Not Provided | 2024-05-02 | 2026-04-08 |
| CVE-2024-3337 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcru... | Not Provided | 2024-05-02 | 2026-04-08 |
| CVE-2024-2904 json | Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope.This issue affects Calliope: from n/a through 1.0.3... | Not Provided | 2024-03-26 | 2026-04-28 |
| CVE-2024-2839 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_tit... | Not Provided | 2024-04-02 | 2026-04-08 |
| CVE-2024-1870 json | The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability ... | Not Provided | 2024-03-09 | 2026-04-08 |
| CVE-2024-1362 json | The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includin... | Not Provided | 2024-02-23 | 2026-04-08 |
| CVE-2024-1361 json | The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includin... | Not Provided | 2024-02-23 | 2026-04-08 |
| CVE-2023-50833 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExtendThemes Colibri Pa... | Not Provided | 2023-12-21 | 2026-04-28 |
| CVE-2023-6988 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_re... | Not Provided | 2024-01-11 | 2026-04-08 |