Xtemos Woodmart
16 CVEs affecting Xtemos Woodmart. Latest disclosed: 2026-03-25. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-6746 | High | 8.8 | 2025-07-08 | The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it p… |
CVE-2026-23971 | High | 8.1 | 2026-03-25 | Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8. |
CVE-2025-49935 | High | 7.5 | 2025-10-22 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Lo… |
CVE-2025-6744 | High | 7.3 | 2025-07-08 | The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software al… |
CVE-2023-41872 | High | 7.1 | 2023-09-25 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. |
CVE-2025-49936 | Medium | 6.5 | 2025-10-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart woodmart allows DOM-Based XSS.This issue… |
CVE-2024-12333 | Medium | 6.5 | 2024-12-12 | The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowi… |
CVE-2025-6743 | Medium | 6.4 | 2025-07-08 | The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and includin… |
CVE-2023-32240 | Medium | 5.4 | 2025-01-02 | Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: fro… |
CVE-2023-32500 | Medium | 5.4 | 2023-11-09 | Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions. |
CVE-2023-32239 | Medium | 5.4 | 2023-06-22 | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions. |
CVE-2026-32405 | Medium | 5.3 | 2026-03-13 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in xtemos WoodMart woodmart allows Retrieve Embedded Sensitive Data.Th… |
CVE-2025-47600 | Medium | 5.3 | 2026-01-22 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affect… |
CVE-2025-8097 | Medium | 5.3 | 2025-07-26 | The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation… |
CVE-2025-6745 | Medium | 5.3 | 2025-07-11 | The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() funct… |
CVE-2023-25790 | Medium | 5.3 | 2024-04-24 | Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Sit… |