medium
6.1
CWE
79
Advisory Published
Updated

CVE-2023-2813: Multiple Themes - Reflected XSS

First published: Mon Sep 04 2023(Updated: )

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.

Credit: contact@wpscan.com contact@wpscan.com

Affected SoftwareAffected VersionHow to fix
Ajaydsouza Connections Reloaded<=3.1
Archimidismertzanos Atlast Business<=1.5.8.5
Archimidismertzanos Fashionable Store<=1.3.4
Archimidismertzanos Nothing Personal<=1.0.7
Arthousewebdesign Brain Power<=1.2
Asmedia Moseter<=1.3.1
Asmedia Tuaug4<=1.4
Ayecode Cafe Bistro<1.1.4
Ayecode College<1.5.1
Ayecode Directory<3.0.2
Ayecode Plato<1.1.9
Ayecode Restaurant Pt<1.1.3
Ayecode Wedding Bride<1.0.2
Climaxthemes Kata<1.2.9
Competethemes Drop<1.22
Davidgarlitz Viala<=1.3.1
Deothemes Arendelle<1.1.13
Deothemes Everse<1.2.4
Deothemes Nokke<1.2.4
Dotecsa Ilex<1.4.2
Dotecsa Viburno<1.3.2
Fredriksoerlie Ultralight<=1.2
Fyrewurks Polka Dots<=1.2
Fyrewurks Tiki Time<=1.3
Henleythemes Counterpoint<=1.8.1
Iznyn Opor Ayam<=1.8
Iznyn Purity Of Soul<=1.9
Jinwen Js O3 Lite<=1.5.8.2
Jinwen Js Paper<=2.5.7
Marchettidesign Fullbase<1.2.1
Marchettidesign Wlow<1.2.7
Omarfolgheraiter Digitally<=1.0.8
Saumendra Aapna<=1.3
Saumendra Anand<=1.2
Ta2g Tantyyellow<=1.0.0.5
Themeinprogress Bazaar Lite<1.8.6
Themeinprogress Looki Lite<1.3.0
Themeinprogress Saul<1.1.0
Themeinprogress Saul Lite<1.4.6
Themeinprogress Venice Lite<=1.5.5
Thewebhunter Anfaust<=1.1
Thewebhunter Offset Writing<=1.2
Thriveweb Pinzolo<1.2.10
Tijaji Tijaji<=1.43
Wpmole Tydskrif<=1.1.3
Yws Bunnypress Lite<=2.1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2023-2813?

    The severity of CVE-2023-2813 is medium (6.1).

  • What software versions are affected by CVE-2023-2813?

    The affected software versions of CVE-2023-2813 vary depending on the theme, please refer to the vulnerability reference for more details.

  • How can I fix CVE-2023-2813?

    To fix CVE-2023-2813, it is recommended to update the affected WordPress themes to the latest version provided by the theme developers.

  • What is the Common Weakness Enumeration (CWE) for CVE-2023-2813?

    The Common Weakness Enumeration (CWE) for CVE-2023-2813 is CWE-79 (Improper Neutralization of Input During Web Page Generation).

  • Where can I find more information about CVE-2023-2813?

    You can find more information about CVE-2023-2813 at the following reference: [link](https://wpscan.com/vulnerability/f434afd3-7de4-4bf4-a9bb-9f9aeaae1dc5)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203