Lucene search
+L

513 matches found

cve
cve
added 2023/01/16 3:37 p.m.55 views

CVE-2022-4464

The CVE concerns Themify Portfolio Post WordPress plugin prior to 1.2.1. The issue is that the plugin does not validate and escapes certain shortcode attributes before outputting them, enabling Stored XSS by users with as little as a contributor, potentially targeting admin users. A PoC shortcode...

5.4CVSS5.3AI score0.00534EPSS
Exploits2References1Affected Software1
vulnrichment
vulnrichment
added 2023/01/16 3:37 p.m.7 views

CVE-2022-4464 Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...

6.1AI score0.00534EPSS
Exploits2References1
cvelist
cvelist
added 2023/01/16 3:37 p.m.22 views

CVE-2022-4464 Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...

5.5AI score0.00534EPSS
Exploits2References1
ptsecurity
ptsecurity
added 2023/01/16 12:0 a.m.5 views

PT-2023-14525 · WordPress · Themify Portfolio Post

Name of the Vulnerable Software and Affected Versions: Themify Portfolio Post WordPress plugin versions prior to 1.2.1 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as...

5.4CVSS6.1AI score0.00534EPSS
Exploits2References6
cnnvd
cnnvd
added 2023/01/16 12:0 a.m.6 views

WordPress plugin Themify Portfolio Post 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4CVSS5.4AI score0.00534EPSS
Exploits2References2
patchstack
patchstack
added 2023/01/04 12:0 a.m.15 views

WordPress Themify Shortcodes Plugin < 2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Themify Shortcodes Type Plugin Vulnerable versions 2.0.8 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4787 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 25f866583e9e Credits István Márton...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/01/04 12:0 a.m.89 views

Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...

5.4CVSS2.1AI score0.00471EPSS
Exploits2
wpvulndb
wpvulndb
added 2023/01/04 12:0 a.m.19 views

Themify Shortcodes < 2.0.8 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: themifybutton color='red" onmouseover="alert1"'XSS/themifybutton...

5.4CVSS4.1AI score0.00471EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2022/12/23 12:0 a.m.13 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. PoC Explo...

5.4CVSS1.7AI score0.00534EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/12/23 12:0 a.m.515 views

Themify Portfolio Post < 1.2.1 - Contributor+ Stored XSS

The plugin does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin. Exploit...

5.4CVSS0.7AI score0.00534EPSS
Exploits2
cnvd
cnvd
added 2022/06/15 12:0 a.m.36 views

WordPress Themify plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Themify plugin prior to 1.3.8. The...

6.1CVSS2AI score0.00815EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/06/13 1:15 p.m.5 views

CVE-2022-1532

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.5AI score0.00815EPSS
Exploits2References2
osv
osv
added 2022/06/13 1:15 p.m.3 views

CVE-2022-1532

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS5.8AI score0.00815EPSS
Exploits2References1
prion
prion
added 2022/06/13 1:15 p.m.25 views

Cross site scripting

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6AI score0.00815EPSS
Exploits2References1Affected Software1
cve
cve
added 2022/06/13 12:41 p.m.70 views

CVE-2022-1532

CVE-2022-1532 affects the Themify WordPress plugin prior to 1.3.8. The root cause is that the page parameter is not sanitized/escaped before being output in an admin-page attribute, leading to a Reflected Cross-Site Scripting vulnerability. Public sources consistently describe the impact as refle...

6.1CVSS6AI score0.00815EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2022/06/13 12:41 p.m.35 views

CVE-2022-1532 Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00815EPSS
Exploits2References1
cnnvd
cnnvd
added 2022/06/13 12:0 a.m.8 views

WordPress plugin Themify 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Themify plugin prior to 1.3.8. The...

6.1CVSS4.8AI score0.00815EPSS
Exploits2References2
patchstack
patchstack
added 2022/05/18 12:0 a.m.22 views

WordPress Themify – WooCommerce Product Filter plugin <= 1.3.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Utkarsh Agrawal in WordPress Themify – WooCommerce Product Filter plugin versions = 1.3.7. Solution Update the WordPress Themify – WooCommerce Product Filter plugin to the latest available version at least 1.3.8...

6.1CVSS1.9AI score0.00815EPSS
Exploits2References3Affected Software1
wpvulndb
wpvulndb
added 2022/05/18 12:0 a.m.73 views

Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting PoC...

6.1CVSS1.6AI score0.00815EPSS
Exploits2Affected Software1
osv
osv
added 2022/05/09 5:15 p.m.3 views

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...

6.1CVSS5.3AI score0.00773EPSS
Exploits2References1
Rows per page
Query Builder