CVE-2024-2278

🗓️ 01 Apr 2024 05:00:02Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 101 Views🌐 WEB

Themify WordPress plugin 1.4.4 Filters settings vulnerabilit

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress plugin Themify 安全漏洞	1 Apr 202400:00	–	cnnvd
Cvelist	CVE-2024-2278 WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS	1 Apr 202405:00	–	cvelist
NVD	CVE-2024-2278	1 Apr 202405:15	–	nvd
OSV	CVE-2024-2278	1 Apr 202405:15	–	osv
Patchstack	WordPress WooCommerce Product Filter plugin < 1.4.4 - Admin+ Stored XSS vulnerability	1 Apr 202408:33	–	patchstack
Patchstack	WordPress Themify – WooCommerce Product Filter Plugin < 1.4.4 is vulnerable to Cross Site Scripting (XSS)	1 Apr 202400:00	–	patchstack
Positive Technologies	PT-2024-19563 · WordPress · Themify	1 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-2278	23 May 202510:06	–	redhatcve
Vulnrichment	CVE-2024-2278 WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS	1 Apr 202405:00	–	vulnrichment
wpexploit	WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS	11 Mar 202400:00	–	wpexploit

NVD

Vulners

Vulnrichment

Node

themify woocommerce_product_filterRange<1.4.4wordpress

[
  {
    "vendor": "Unknown",
    "product": "Themify ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.4.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/2cbabde8-1e3e-4205-8a5c-b889447236a0/

Parameter	Position	Path	Description	CWE
name	request body	/wp-admin/admin.php?page=wpf_search	Stored XSS via unsanitized filter name in Themify WordPress plugin prior to 1.4.4.	CWE-79

17 Jun 2026 07:24Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.1

EPSS0.0042

SSVC

CWE-79