4 matches found
CVE-2021-24129
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting XSS vulnerabilities allowing low-privileged users Contributor+ to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...
Cross site scripting
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting XSS vulnerabilities allowing low-privileged users Contributor+ to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...
Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post 3. Publish/Send for review and visit created post/preview as editor/admin to trigger XSS...
Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post = 1.1.5 allow low-privileged users Contributor+ to inject arbitrary Javascript code or HTML in posts where the Themify Custom Panel is embedded. PoC 1. As a contributor, go into "Portfolios" tab from the sidebar and create a ne...