Aggregates CVE and security vulnerability intelligence across all rarathemes-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk csrf and vendor risk cross-site scripting, with potential vendor impact session compromise across vendor surface production workloads and vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-23998 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in raratheme UltraLight the-ultralight allows Reflected XSS.This issue affects UltraLight: from n/a through <= 1.2. | [email protected] | 7.1 | 0.14% | 2025-01-21 | 2026-04-23 |
| CVE-2024-37937 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Rara Business rara-business allows Cross Site Request Forgery.This issue affects Rara Business: from n/a through <= 1.2.5. | [email protected] | 4.3 | 0.22% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37508 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Construction Landing Page construction-landing-page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through <= 1.3.5. | [email protected] | 4.3 | 0.18% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37503 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through <= 1.2.4. | [email protected] | 4.3 | 0.18% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37451 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Travel Agency travel-agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through <= 1.4.9. | [email protected] | 4.3 | 0.17% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37450 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Benevolent benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through <= 1.3.4. | [email protected] | 4.3 | 0.17% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37435 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Perfect Portfolio perfect-portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through <= 1.2.0. | [email protected] | 4.3 | 0.17% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37426 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Elegant Pink elegant-pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through <= 1.3.0. | [email protected] | 4.3 | 0.16% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37421 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme JobScout jobscout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through <= 1.1.4. | [email protected] | 4.3 | 0.16% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37413 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through <= 1.2.1. | [email protected] | 4.3 | 0.16% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37104 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Chic Lite chic-lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through <= 1.1.3. | [email protected] | 4.3 | 0.16% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37103 | Cross-Site Request Forgery (CSRF) vulnerability in raratheme Education Zone education-zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through <= 1.3.4. | [email protected] | 4.3 | 0.16% | 2025-01-02 | 2026-04-23 |
| CVE-2024-37505 | Missing Authorization vulnerability in Rara Themes Business One Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business One Page: from n/a through 1.2.9. | [email protected] | 4.3 | 0.17% | 2024-11-01 | 2026-01-09 |
| CVE-2024-37230 | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Book Landing Page.This issue affects Book Landing Page: from n/a through 1.2.3. | [email protected] | 4.3 | 0.13% | 2024-06-21 | 2024-11-21 |
| CVE-2024-34379 | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1. | [email protected] | 4.3 | 0.13% | 2024-05-06 | 2026-04-28 |
| CVE-2024-31384 | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Spa and Salon.This issue affects Spa and Salon: from n/a through 1.2.7. | [email protected] | 4.3 | 0.16% | 2024-04-15 | 2026-04-28 |
| CVE-2024-31428 | Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme The Conference.This issue affects The Conference: from n/a through 1.2.0. | [email protected] | 4.3 | 0.16% | 2024-04-15 | 2026-04-28 |
| CVE-2023-24404 | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | [email protected] | 7.1 | 0.29% | 2023-04-23 | 2024-11-21 |
| CVE-2022-29451 | Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | [email protected] | 8.8 | 0.22% | 2022-04-29 | 2024-11-21 |