513 matches found
CVE-2022-4464
The CVE concerns Themify Portfolio Post WordPress plugin prior to 1.2.1. The issue is that the plugin does not validate and escapes certain shortcode attributes before outputting them, enabling Stored XSS by users with as little as a contributor, potentially targeting admin users. A PoC shortcode...
CVE-2022-4464 Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS
Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...
CVE-2022-4464 Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS
Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...
PT-2023-14525 · WordPress · Themify Portfolio Post
Name of the Vulnerable Software and Affected Versions: Themify Portfolio Post WordPress plugin versions prior to 1.2.1 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as...
WordPress plugin Themify Portfolio Post 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Themify Shortcodes Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)
Software Themify Shortcodes Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4787 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 25f866583e9e Credits István Márton...
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...
Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...
Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS
The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. PoC Explo...
Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS
The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. Exploit...
WordPress Themify plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Themify plugin prior to 1.3.8. The...
CVE-2022-1532
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1532
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2022-1532
CVE-2022-1532 affects the Themify WordPress plugin prior to 1.3.8. The root cause is that the page parameter is not sanitized/escaped before being output in an admin-page attribute, leading to a Reflected Cross-Site Scripting vulnerability. Public sources consistently describe the impact as refle...
CVE-2022-1532 Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
WordPress plugin Themify 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Themify plugin prior to 1.3.8. The...
WordPress Themify – WooCommerce Product Filter plugin <= 1.3.7 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Utkarsh Agrawal in WordPress Themify – WooCommerce Product Filter plugin versions = 1.3.7. Solution Update the WordPress Themify – WooCommerce Product Filter plugin to the latest available version at least 1.3.8...
Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC...
CVE-2022-1047
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...