Vulnerabilities and security researches forws-theme-addons ws-theme-addons

Jul 05, 2024

CVE, Research URL: 49de99b4d9366ab101a8419d8f628f119e0ccdb3
Home page URL: Security reports for WS Theme Addons
Application: WS Theme Addons
Date: Jul 03, 2024
Research Description: WS Theme Addons [ws-theme-addons] <= 2.0.0 (unfixed) WordPress WS Theme Addons Plugin <= 2.0.0 is vulnerable to Backdoor WordPress WS Theme Addons Plugin <= 2.0.0 is vulnerable to BackdoorSoftware: WS Theme AddonsLink: https://wordpress.org/plugins/ws-theme-addons/#developersAffected Version <= 2.0.0
Affected versions: Min -, max -.
Status: vulnerable

Aug 24, 2025

CVE, Research URL: CVE-2025-8062
Home page URL: Security reports for WS Theme Addons
Application: WS Theme Addons
Date: Aug 23, 2025
Research Description: The WS Theme Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ws_weather shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable