Lucene search
+L

513 matches found

nvd
nvd
added 2022/05/09 5:15 p.m.20 views

CVE-2022-1047

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...

6.1CVSS0.00773EPSS
Exploits2References1
prion
prion
added 2022/05/09 5:15 p.m.13 views

Cross site scripting

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...

4.3CVSS6AI score0.00773EPSS
Exploits2References1Affected Software1
cve
cve
added 2022/05/09 4:50 p.m.80 views

CVE-2022-1047

CVE-2022-1047 affects the WordPress plugin Themify - Post Type Builder Search Addon (before version 1.4.0). The vulnerability is a reflected XSS caused by improper escaping of the current page URL when reusing it in an HTML attribute. Several sources (NVD, Red Hat, CVE lists, Patchstack, WPScan) ...

6.1CVSS6AI score0.00773EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2022/05/09 4:50 p.m.34 views

CVE-2022-1047 Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability...

6.2AI score0.00773EPSS
Exploits2References1
cnnvd
cnnvd
added 2022/05/09 12:0 a.m.7 views

WordPress plugin Themify Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS5.9AI score0.00773EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/04/12 12:0 a.m.111 views

Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...

6.1CVSS6.1AI score0.00773EPSS
Exploits2
wpvulndb
wpvulndb
added 2022/04/12 12:0 a.m.15 views

Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting

The plugin does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. PoC On a page or post with a search form, add the following url query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...

6.1CVSS6AI score0.00773EPSS
Exploits2Affected Software1
patchstack
patchstack
added 2022/04/12 12:0 a.m.22 views

WordPress Themify - Post Type Builder Search Addon premium plugin <= 1.3.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Kevin Barbón García, David Álvarez Robles, Francisco Díaz-Pache Alonso & Sergio Corral Cristo in WordPress Themify - Post Type Builder Search Addon premium plugin versions = 1.3.9. Solution Update the WordPress Themify - Post Type...

6.1CVSS1.6AI score0.00773EPSS
Exploits2References3Affected Software1
cnvd
cnvd
added 2022/02/16 12:0 a.m.17 views

WordPress Themify Portfolio Post plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the WordPress Themify Portfolio Post...

5.4CVSS0.8AI score0.006EPSS
Exploits2References1
osv
osv
added 2022/02/14 12:15 p.m.5 views

CVE-2022-0200

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS5.8AI score0.006EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/02/14 12:15 p.m.9 views

CVE-2022-0200

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS5.9AI score0.006EPSS
Exploits2References2
nvd
nvd
added 2022/02/14 12:15 p.m.13 views

CVE-2022-0200

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS0.006EPSS
Exploits2References1
prion
prion
added 2022/02/14 12:15 p.m.12 views

Cross site scripting

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

3.5CVSS5.3AI score0.006EPSS
Exploits2References1Affected Software1
cve
cve
added 2022/02/14 9:21 a.m.84 views

CVE-2022-0200

The CVE-2022-0200 entry concerns the Themify Portfolio Post WordPress plugin before version 1.1.7. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to the plugin failing to sanitize and escape the num_of_pages parameter in the response of the themify_create_popup_page_pagination AJ...

5.4CVSS5.2AI score0.006EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2022/02/14 9:21 a.m.22 views

CVE-2022-0200 Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting

Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.5AI score0.006EPSS
Exploits2References1
cnnvd
cnnvd
added 2022/02/14 12:0 a.m.7 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of the WordPress Themify Portfolio Post...

5.4CVSS5.8AI score0.006EPSS
Exploits2References2
patchstack
patchstack
added 2022/01/14 12:0 a.m.18 views

WordPress Themify Portfolio Post plugin <= 1.1.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Themify Portfolio Post plugin versions = 1.1.6. Solution Update the WordPress Themify Portfolio Post plugin to the latest available version at least 1.1.7...

5.4CVSS1.7AI score0.006EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/01/14 12:0 a.m.387 views

Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting alert/XSS/;'...

5.4CVSS5.4AI score0.006EPSS
Exploits2
wpvulndb
wpvulndb
added 2022/01/14 12:0 a.m.15 views

Themify Portfolio Post < 1.1.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the numofpages parameter before outputting it back the response of the themifycreatepopuppagepagination AJAX action available to any authenticated user, leading to a Reflected Cross-Site Scripting PoC...

5.4CVSS0.8AI score0.006EPSS
Exploits2Affected Software1
wpvulndb
wpvulndb
added 2021/10/04 12:0 a.m.10 views

Themify Builder < 5.3.2 - Reflected Cross-Site Scripting

The plugin does not escape some parameters before outputting them back in attributes and tags in an admin page, leading to Reflected Cross-Site Scripting issues PoC https://example.com/wp-admin/admin.php?page=themify-global-styles=" https://example.com/wp-admin/admin.php?page=themify-global-style...

0.7AI score
Exploits0Affected Software1
Rows per page
Query Builder