Rextheme Wp_vr

8 CVEs affecting Rextheme Wp_vr. Latest disclosed: 2025-06-28. Critical: 0, High: 1.

Top CVEs affecting Rextheme Wp_vr
CVESeverityScorePublishedSummary
CVE-2023-40663High7.12023-09-27Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions.
CVE-2025-6350Medium6.42025-06-28The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’…
CVE-2023-6529Medium6.12024-01-08The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the pl…
CVE-2023-1413Medium6.12023-04-17The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site…
CVE-2023-0174Medium5.42023-02-06The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shor…
CVE-2024-49293Medium4.32024-10-21Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: fr…
CVE-2023-1414Medium4.32023-04-24The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated us…
CVE-2023-25708Medium4.32023-03-15Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.