Tielabs Jannah vulnerabilities
7 known vulnerabilities affecting tielabs/jannah.
Total CVEs
7
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-64206P3CRITICALCVSS 9.8≤ 7.6.02025-12-18
CVE-2025-64206 [CRITICAL] CWE-502 CVE-2025-64206: Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.Thi
Deserialization of Untrusted Data vulnerability in TieLabs Jannah jannah allows Object Injection.This issue affects Jannah: from n/a through <= 7.6.0.
nvd
CVE-2021-24407P3MEDIUMCVSS 6.1PoCfixed in 5.4.5≥ 5.4.5, < 5.4.52021-07-06
CVE-2021-24407 [MEDIUM] CWE-79 CVE-2021-24407: The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its
The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability.
nvd
CVE-2021-24364P3MEDIUMCVSS 6.1PoCfixed in 5.4.4≥ 5.4.4, < 5.4.42021-06-21
CVE-2021-24364 [MEDIUM] CWE-79 CVE-2021-24364: The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
nvd
CVE-2026-25464P3HIGHCVSS 8.1≤ 7.6.42026-03-25
CVE-2026-25464 [HIGH] CWE-98 CVE-2026-25464: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.4.
nvd
CVE-2025-64205P3HIGHCVSS 8.1≤ 7.6.02025-12-18
CVE-2025-64205 [HIGH] CWE-98 CVE-2025-64205: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through <= 7.6.0.
nvd
CVE-2025-53334P3HIGHCVSS 8.1≤ 7.5.12025-08-28
CVE-2025-53334 [HIGH] CWE-98 CVE-2025-53334: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TieLabs Jannah jannah allows PHP Local File Inclusion.This issue affects Jannah: from n/a through < 7.5.1.
nvd
CVE-2025-64207P4HIGHCVSS 7.1≤ 7.6.02025-12-18
CVE-2025-64207 [HIGH] CWE-79 CVE-2025-64207: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through <= 7.6.0.
nvd