Hot-themes Hot Random Image — known CVE vulnerabilities
Every CVE whose affected-product data names Hot-themes Hot Random Image, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2024-29796 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hot Themes Hot Random Image allows…
CVE-2025-4405 — CVSS 4.9 (medium): The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to…
CVE-2025-4419 — CVSS 4.3 (medium): The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path'…