Machothemes

Products by Machothemes Sorted by Most Security Vulnerabilities since 2018

Machothemes Newsmag: 4 vulnerabilities
Machothemes Regina Lite: 3 vulnerabilities
Machothemes Antreas: 2 vulnerabilities
Machothemes Cpo Companion: 2 vulnerabilities
Machothemes Medzone Lite: 2 vulnerabilities
Machothemes Naturemag Lite: 2 vulnerabilities

By the Year

In 2026 there have been 0 vulnerabilities in Machothemes. Last year, in 2025, Machothemes had 1 security vulnerability published. Right now, Machothemes is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 1 5.40
2024 1 8.80
2023 7 6.10
2022 1 5.40
2021 1 6.10
2020 2 0.00

It may take a day or so for new Machothemes vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Machothemes Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-6261 Feb 27, 2025
Stored XSS in Final Tiles Grid WP plugin 3.6.0 via FinalTilesGallery shortcode
The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'FinalTilesGallery' shortcode in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Image Photo Gallery Final Tiles Grid
CVE-2023-52123 Jan 05, 2024
CSRF in WPChill Strong Testimonials <3.1.10
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10.
Strong Testimonials
CVE-2020-36721 Jun 07, 2023
WP Themes <=1.3.1 Unauth Plugin Act/Deact (CVE-2020-36721)
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.
Naturemag Lite
Antreas
Regina Lite
And others...
CVE-2020-36708 Jun 07, 2023
WordPress Themes <=1.3.1 Function Injection via epsilon_framework_ajax_action
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.
Naturemag Lite
Antreas
Regina Lite
And others...
CVE-2023-28493 May 08, 2023
Reflected XSS in Macho Themes' NewsMag <=2.4.4 (subscriber+ auth)
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.
Newsmag
CVE-2023-27619 Apr 25, 2023
XSS in Macho Themes Regina Lite <=2.0.7 Reflected Vulnerability
Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions.
Regina Lite
CVE-2022-4717 Feb 06, 2023
Stored XSS in WordPress Strong Testimonials <3.0.3 via unescaped shortcode attrs
The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Strong Testimonials
CVE-2022-4837 Jan 30, 2023
CPO Companion WP Plugin <=1.0.9 allows Stored XSS via shortcode attributes
The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Cpo Companion
CVE-2023-0162 Jan 10, 2023
CPO Companion WP Plugin 1.0.4: Authenticated Stored XSS
The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Cpo Companion
CVE-2022-0186 Feb 21, 2022
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery
The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard.
Image Photo Gallery Final Tiles Grid
CVE-2021-24304 Aug 09, 2021
The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action
The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
Newsmag
CVE-2020-9003 Feb 20, 2020
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users.
Modula Image Gallery
CVE-2020-8549 Feb 03, 2020
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
Strong Testimonials
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).