Vulnerabilities and security research for theme-blvd-widget-areas
Jun 07, 2024
Theme Blvd Widget Areas # 35e355420bff6e6fbbf1c55074e47f35e5759ac5
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 08, 2014
- Research Description
- Theme Blvd Widget Areas [theme-blvd-widget-areas] < 1.2.3: ThemeBlvd Themes/Plugins (Various Versions) - Missing Authorization Checks. The following plugins and themes for WordPress are vulnerable to arbitrary option deletion and user data manipulation: Theme Blvd Shortcodes plugin <= 1.5.2, Theme Blvd Widget Areas plugin <= 1.2.2, Theme Blvd Layout Builder plugin <= 2.0.1, Theme Blvd Sliders plugin <= 1.2.3, WP Jump Start theme <= 1.2.4, Alyeska theme <= 3.1.4, Akita theme <= 2.1.4, Arcadian Responsive theme <= 2.0.5, Swagger theme <= 2.1.4, Commodore theme <= 3.0.2, and Barely Corporate theme <= 4.1.4. This is due to missing authorization on the themeblvd_clear_options() and themeblvd_disable_nag() functions called via 'admin_init' hooks. This makes it possible for unauthenticated attackers to delete any option from the 'wp_options' table and to set any of their own user metadata values to 'true'.
- Affected versions
- Min -, max -.
- Status
- vulnerable
Sep 01, 2025
Theme Blvd Widget Areas # CVE-2025-53289
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 28, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Widget Areas allows Reflected XSS. This issue affects Theme Blvd Widget Areas: from n/a through 1.3.0.
- Affected versions
- Min -, max -.
- Status
- vulnerable