Themeisle Menu Icons By Themeisle vulnerabilities

CVE-2026-1755 [MEDIUM] CWE-79 CVE-2026-1755: The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_wp_attachment_image_alt’ post meta in all versions up to, and including, 0.13.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary w

CVE-2024-4635 [MEDIUM] CWE-79 CVE-2024-4635: The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘add_mime_type’ function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts

CVE-2024-1047 [MEDIUM] CWE-862 CVE-2024-1047: Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized m Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_so