xylusthemes 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk file inclusion, and vendor risk csrf に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-58192 | Missing Authorization vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bulk Delete: from n/a through <= 1.3.6. | [email protected] | 4.3 | 0.05% | 2025-08-27 | 2026-04-23 |
| CVE-2025-47453 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import wp-smart-import allows PHP Local File Inclusion.This issue affects WP Smart Import: from n/a through <= 1.1.3. | [email protected] | 8.1 | 0.55% | 2025-05-23 | 2026-04-23 |
| CVE-2025-48256 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes Import Social Events import-facebook-events allows Stored XSS.This issue affects Import Social Events: from n/a through <= 1.8.5. | [email protected] | 6.5 | 0.13% | 2025-05-19 | 2026-04-23 |
| CVE-2025-47531 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes XT Event Widget for Social Events xt-facebook-events allows PHP Local File Inclusion.This issue affects XT Event Widget for Social Events: from n/a through <= 1.1.7. | [email protected] | 7.5 | 0.42% | 2025-05-07 | 2026-04-23 |
| CVE-2025-24700 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator wp-event-aggregator allows Reflected XSS.This issue affects WP Event Aggregator: from n/a through <= 1.8.2. | [email protected] | 7.1 | 0.13% | 2025-02-14 | 2026-04-23 |
| CVE-2024-47352 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Stored XSS.This issue affects WP Bulk Delete: from n/a through <= 1.3.1. | [email protected] | 7.1 | 0.17% | 2024-10-06 | 2026-04-23 |
| CVE-2024-38703 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Stored XSS.This issue affects WP Event Aggregator: from n/a through 1.7.9. | [email protected] | 6.5 | 0.16% | 2024-07-20 | 2026-01-12 |
| CVE-2024-32597 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Stored XSS.This issue affects WordPress Importer: from n/a through 1.0.7. | [email protected] | 5.9 | 0.12% | 2024-04-18 | 2026-04-28 |
| CVE-2024-31371 | Cross-Site Request Forgery (CSRF) vulnerability in Xylus Themes WP Event Aggregator.This issue affects WP Event Aggregator: from n/a through 1.7.6. | [email protected] | 4.3 | 0.10% | 2024-04-12 | 2026-04-28 |
| CVE-2024-30201 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WordPress Importer allows Reflected XSS.This issue affects WordPress Importer: from n/a through 1.0.4. | [email protected] | 7.1 | 0.35% | 2024-03-27 | 2026-04-28 |
| CVE-2022-40209 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin <= 1.0.2 on WordPress. | [email protected] | 6.1 | 0.29% | 2022-12-06 | 2024-11-21 |
| CVE-2020-24147 | Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | [email protected] | 9.1 | 1.01% | 2021-07-07 | 2024-11-21 |