Kapee
Monthly
Reflected/stored cross-site scripting in the Kapee WordPress theme versions prior to 1.7.1 allows remote unauthenticated attackers to inject arbitrary script that executes in a victim's browser after user interaction, with a scope change that can impact other components beyond the vulnerable theme. No public exploit identified at time of analysis, but the vulnerability was disclosed via Patchstack with a CVSS of 7.1, reflecting the unauthenticated nature combined with required user interaction.
Unauthenticated PHP object injection in the Kapee WordPress theme versions prior to 1.7.0 allows remote attackers to inject crafted serialized objects that, when combined with suitable gadget chains, can lead to high-impact compromise of confidentiality, integrity, and availability. The flaw was reported by Patchstack and a vendor patch is available; no public exploit identified at time of analysis, but the unauthenticated network vector makes this a meaningful priority for sites running this commercial WooCommerce theme.
Reflected/stored cross-site scripting in the Kapee WordPress theme versions prior to 1.7.1 allows remote unauthenticated attackers to inject arbitrary script that executes in a victim's browser after user interaction, with a scope change that can impact other components beyond the vulnerable theme. No public exploit identified at time of analysis, but the vulnerability was disclosed via Patchstack with a CVSS of 7.1, reflecting the unauthenticated nature combined with required user interaction.
Unauthenticated PHP object injection in the Kapee WordPress theme versions prior to 1.7.0 allows remote attackers to inject crafted serialized objects that, when combined with suitable gadget chains, can lead to high-impact compromise of confidentiality, integrity, and availability. The flaw was reported by Patchstack and a vendor patch is available; no public exploit identified at time of analysis, but the unauthenticated network vector makes this a meaningful priority for sites running this commercial WooCommerce theme.