Rextheme Wp_vr
8 CVEs affecting Rextheme Wp_vr. Latest disclosed: 2025-06-28. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-40663 | High | 7.1 | 2023-09-27 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions. |
| CVE-2025-6350 | Medium | 6.4 | 2025-06-28 | The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’… |
| CVE-2023-6529 | Medium | 6.1 | 2024-01-08 | The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the pl… |
| CVE-2023-1413 | Medium | 6.1 | 2023-04-17 | The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site… |
| CVE-2023-0174 | Medium | 5.4 | 2023-02-06 | The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shor… |
| CVE-2024-49293 | Medium | 4.3 | 2024-10-21 | Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP VR: fr… |
| CVE-2023-1414 | Medium | 4.3 | 2023-04-24 | The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated us… |
| CVE-2023-25708 | Medium | 4.3 | 2023-03-15 | Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. |