July 14, 2020

WordPress Theme with SQLi and XSS

CVE-2020-15363

The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection.

CVE-2020-15364

The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS.