cbcvebase.

P-Themes Porto Theme Functionality vulnerabilities

4 known vulnerabilities affecting p-themes/porto_theme_functionality.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
2
Severity breakdown
HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-3809P1HIGHCVSS 8.8ExploitedRansomware≤ 3.0.92024-05-14
CVE-2024-3809 [HIGH] CWE-98 CVE-2024-3809: The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all ve The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.9 via the 'slideshow_type' post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP
nvd
CVE-2024-3808P1HIGHCVSS 8.8ExploitedRansomware≤ 3.1.02024-05-14
CVE-2024-3808 [HIGH] CWE-98 CVE-2024-3808: The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all ve The Porto Theme - Functionality plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the 'porto_portfolios' shortcode 'portfolio_layout' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, al
nvd
CVE-2025-63066P4MEDIUMCVSS 6.5≤ 3.7.32025-12-09
CVE-2025-63066 [MEDIUM] CWE-79 CVE-2025-63066: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Stored XSS.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3.
nvd
CVE-2025-63067P4MEDIUMCVSS 4.3≤ 3.7.32025-12-09
CVE-2025-63067 [MEDIUM] CWE-862 CVE-2025-63067: Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allo Missing Authorization vulnerability in p-themes Porto Theme - Functionality porto-functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a through < 3.7.3.
nvd
P-Themes Porto Theme Functionality vulnerabilities | cvebase