Known Vulnerabilities for products from Extendthemes
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Extendthemes".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-62751 json | Missing Authorization vulnerability in extendthemes Vireo vireo allows Exploiting Incorrectly Configured Access Control Secur... | Not Provided | 2025-12-31 | 2026-04-23 |
| CVE-2025-59593 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri P... | Not Provided | 2025-10-22 | 2026-04-23 |
| CVE-2025-32185 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri P... | Not Provided | 2025-04-04 | 2026-04-23 |
| CVE-2024-37458 json | Not Provided | 2025-01-02 | 2026-04-23 | |
| CVE-2024-37431 json | Not Provided | 2025-01-02 | 2026-04-23 | |
| CVE-2024-5038 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in a... | Not Provided | 2024-06-06 | 2026-04-08 |
| CVE-2024-4707 json | The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis_contac... | Not Provided | 2024-06-06 | 2026-04-08 |
| CVE-2024-4451 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_pla... | Not Provided | 2024-06-07 | 2026-04-08 |
| CVE-2024-3340 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri-gallery-... | Not Provided | 2024-05-02 | 2026-04-08 |
| CVE-2024-3338 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt data parameter in al... | Not Provided | 2024-05-02 | 2026-04-08 |
| CVE-2024-3337 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_breadcru... | Not Provided | 2024-05-02 | 2026-04-08 |
| CVE-2024-2839 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_tit... | Not Provided | 2024-04-02 | 2026-04-08 |
| CVE-2024-1870 json | The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability ... | Not Provided | 2024-03-09 | 2026-04-08 |
| CVE-2024-1362 json | The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includin... | Not Provided | 2024-02-23 | 2026-04-08 |
| CVE-2024-1361 json | The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and includin... | Not Provided | 2024-02-23 | 2026-04-08 |
| CVE-2023-6988 json | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_re... | Not Provided | 2024-01-11 | 2026-04-08 |
| CVE-2023-3204 json | The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.2... | Not Provided | 2024-06-20 | 2026-04-08 |
| CVE-2023-2188 json | The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and ... | Not Provided | 2023-08-31 | 2026-04-08 |
| CVE-2022-4762 json | The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before ... | 5.4 - MEDIUM | 2023-02-06 | 2023-11-07 |
| CVE-2022-4481 json | The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before ... | 5.4 - MEDIUM | 2023-01-16 | 2023-11-07 |