CVE-2022-1532

🗓️ 13 Jun 2022 12:41:54Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 65 Views🌐 WEB

Themify WordPress plugin before 1.3.8 allows Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2022-1532	13 Jun 202213:15	–	attackerkb
Circl	CVE-2022-1532	23 Sep 202211:56	–	circl
CNNVD	WordPress plugin Themify 跨站脚本漏洞	13 Jun 202200:00	–	cnnvd
CNVD	WordPress Themify plugin cross-site scripting vulnerability	15 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-1532 Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting	13 Jun 202212:41	–	cvelist
EUVD	EUVD-2022-24829	3 Oct 202520:07	–	euvd
Kitploit	SCodeScanner - Stands For Source Code Scanner Where The User Can Scans The Source Code For Finding The Critical Vulnerabilities	23 Sep 202211:30	–	kitploit
NVD	CVE-2022-1532	13 Jun 202213:15	–	nvd
Patchstack	WordPress Themify – WooCommerce Product Filter plugin <= 1.3.7 - Reflected Cross-Site Scripting (XSS) vulnerability	18 May 202200:00	–	patchstack
Prion	Cross site scripting	13 Jun 202213:15	–	prion

NVD

Vulners

Node

themify woocommerce_product_filterRange<1.3.8wordpress

[
  {
    "product": "Themify – WooCommerce Product Filter",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.3.8",
        "status": "affected",
        "version": "1.3.8",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/d106cd93-cb9b-4558-9a29-0d556fd7c9e1

Parameter	Position	Path	Description	CWE
page	request body	/wp-admin/admin.php	The Themify WordPress plugin reflects the page parameter in an admin page without sanitization/escaping, enabling Reflected XSS via the page value.	CWE-79

17 Jun 2026 04:22Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.00796

CWE-79